
149 Million Credentials Exposed: Why Your Current Security Posture May Not Be Enough


There are reports of “thousands” of attacks daily, but the numbers get scary when the likes of Wired report the discovery of 149 million exposed credentials. That is the number of usernames, passwords, and unique login credentials recently discovered in an unsecured, publicly accessible database. The cache included 48 million Gmail accounts, 17 million Facebook logins, and hundreds of thousands of credentials for banking, cryptocurrency, and government portals.

For security professionals and business leaders, the terrifying part isn’t just the volume of data; it’s the mechanism behind it. This wasn’t a sophisticated, state-sponsored heist on a single fortress. It appears to be the work of infostealing malware, a low-cost, automated tool that is democratising cybercrime.

At Mondas, we see this incident as an opportunity to highlight why standard defensive measures are often insufficient and why companies might consider a gap analysis as a strong way to understand their exposure.

The “Dream Wish List” for Criminals

Jeremiah Fowler, the security analyst who discovered the trove, described it as a “dream wish list for criminals.” The database wasn’t just a dump of data; it was being actively indexed and organised. As Fowler watched, the database grew, suggesting that the malware feeding it was still active on thousands of infected devices, silently harvesting keystrokes and credentials in real time.

The barrier to entry for this kind of attack has collapsed. Allan Liska from Recorded Future notes that criminals can rent infostealer infrastructure for as little as $200 to $300 a month. For less than the cost of a car payment, a novice attacker can gain access to hundreds of thousands of corporate and personal identities.

The Invisible Gap in Your Defence

Infostealers often bypass traditional perimeter defences because they target the user, not the server. They infect endpoints via phishing emails or compromised software downloads, sit quietly in the background, and steal valid credentials. When an attacker uses a legitimate username and password (and perhaps even a stolen session token to bypass Multi-Factor Authentication), they don’t look like a hacker to your system. They look like an employee.

Many organisations have security tools in place, but they lack visibility into the gaps between those tools.

  • Do you know which SaaS applications your employees are using?
  • Are you monitoring for “Shadow IT”?
  • If an employee’s personal device is compromised by an infostealer, does that grant access to your corporate database?

Advice from Mondas

At Mondas, we move beyond simple “box-ticking” compliance and utilise best-in-class software and AI-driven tools to perform deep-dive Risk Assessments. Our approach is to think like the attacker. We look for the unsecured databases, the weak identity management protocols, and the blind spots in your SaaS ecosystem that infostealers exploit.

We recently released an example breakdown of what an Identity and SaaS Risk Assessment might look like. You can see exactly how we review potential vulnerabilities in our latest video: Identity and SaaS Risk Assessment Video.

Steps to Take Today

If this breach tells us anything, it’s that complacency is the enemy. To secure your organisation against the rising tide of automated malware:

Enforce Strict Database Security

Ensure no database is left public-facing without rigorous authentication layers. The 149 million records were found in an unprotected instance, a simple configuration error with catastrophic results.

Elevate Identity Management

Move towards phishing-resistant MFA and Zero Trust architecture. Stolen passwords should be useless without the physical second factor.

Conduct a Gap Analysis

You cannot fix what you cannot see. Partner with experts who can audit your entire digital estate, from the cloud to the endpoint, and provide a clear roadmap to remediation.

The era of “set and forget” security is over. With credentials floating in the wild, the question is more when than if your defences will be tested.

Are you confident in your security gaps? Contact Mondas today to schedule your comprehensive Risk Assessment.

This article was brought to you by George Eastman, Sales Manager at Mondas. Read more about George here.