The problem? The file was unencrypted. No password protection. No security. Just a plain text file with millions of sensitive pieces of data.

Based on his analysis, Fowler determined the data was captured by some kind of infostealer malware. A popular tool used by cybercriminals, an infostealer is designed to grab usernames, passwords, and other sensitive data from breached sites and servers. Once the criminals get their hands on the data, they can use it to launch their own attacks or peddle the information on the dark web.

After finding the database, Fowler contacted the hosting provider, which removed it from public access. Since the provider would not disclose the name of the file’s owner, Fowler said he didn’t know if the database was created legitimately and then accidentally exposed or intentionally used for malicious reasons.