A massive credentials leak has compromised the login information of over 149 million accounts, stolen via an infostealer after a threat actor failed to secure a cloud database.
Leading data breach cross-checking service Have I Been Pwned has added about 71 million email addresses from "Naz.API," a new dataset circulating on the dark web that contains a massive collection of leaked credentials and plaintext passwords.
Guardicore discovered that the Microsoft Exchange server’s Autodiscover feature design flaw leaked credentials of 100,000 users by trying to authenticate on untrusted third-party servers.
