TEXAS — Some Texas online users’ login information may have been found on a publicly accessible database, containing more than 184 million login credentials.

What You Need To Know

  • The data breach was discovered by Jeremiah Fowler, a cybersecurity researcher who has worked in the online sector for over 10 years

  • The breach, according to Fowler, was able to retrieve almost 50 gigabytes of raw data

  • One group, the Texas Cybersecurity Clinic Program at the University of Texas at Austin’s Strauss Center, is trying to help organizations across Texas prevent breaches and other online threats like the one Fowler discovered

The data breach was discovered by Jeremiah Fowler, a cybersecurity researcher who has worked in the online sector for over 10 years. Fowler says hacks usually focus on one particular niche or industry, but this was a widespread effort.

“It was everything,” he said. “There was [sic] bank accounts, email accounts, government portals. When you look at it from the aspect of a cybercriminal, this would be a dream list.”

The breach, according to Fowler, was able to retrieve almost 50 gigabytes of raw data. On top of login credentials, emails and authorization URLs were also part of the hack. Fowler traces the breach back to a computer malware called infostealer.

“This looks for algorithms where it says login, password, administrative credential, anything like that. It captures that and dumps it on this database,” Fowler said.

He said that it’s not as simple as changing a password to ensure privacy online.

“If you still have that malware on your device, it doesn’t matter if you change your password or how strong that password is, that malware is still going to extract it,” said Fowler.

More in-depth approaches like multi-factor authentication or even a physical key that plugs into a computer can help people and organizations keep their data and online information secure.

One group, the Texas Cybersecurity Clinic Program at the University of Texas at Austin’s Strauss Center, is trying to help organizations across Texas prevent breaches and other online threats like the one Fowler discovered.

“I’m really passionate about preventing crime, preventing the worst day from happening to people, and I also love mentoring and working with people who are looking to get into a national security career,” said Francesca Lockhart, the program lead.

Protecting online privacy and data is something Lockhart has spent years doing, from her time as an undergraduate student at UT Austin to managing the intelligence and counterterrorism division at the Texas Department of Public Safety’s Homeland Security Unit. 

“In 2023, the university decided, through the Strauss Center, let’s train students in cybersecurity, prepare them to go into that career field and get workforce development experience, while also simultaneously having them provide free services to those who need it the most,” Lockhart said.

Small businesses, nonprofits and even local municipalities are amongst the clinic’s clientele.

“Our students work with them and improve their cybersecurity posture and install some basic defenses and do some training and things like that as part of their clinic service,” said Lockhart.

Lockhart raised the point that extra security measures and training may be inconvenient, but it beats the alternative of getting hacked, which could lead to more serious concerns like identity theft or financial fraud.

“It’s not a matter of if something is going to happen to you, but when something is going to happen to you, so focus on those critical accounts,” Lockhart said.