A cybersecurity researcher, Jeremiah Fowler, has uncovered a significant data breach involving an unsecured database containing more than 184 million passwords alongside email addresses and authorization URLs linked to major platforms like Apple, Google, Facebook, Microsoft, Instagram, and Snapchat.
What makes this breach particularly alarming is the exposure of sensitive login credentials for banking, financial services, healthcare platforms, and government portals. Unlike typical databases that encrypt sensitive information, this data was stored as an unprotected, plain text file accessible online.
Fowler’s analysis suggests that the compromised data likely originated from infostealing malware such as Lumma Stealer, commonly used by cybercriminals to harvest usernames, passwords, and credit card details from infected systems, which are then sold on the dark web.
After notifying the hosting provider, the file was removed from public access. However, the provider refused to disclose the owner’s identity. To verify the breach’s authenticity, Fowler contacted several affected individuals and confirmed the leaked credentials were genuine.
Experts warn that users who reuse passwords across multiple sites are especially vulnerable. Compromised accounts may lead to identity theft, online fraud, and scams. Additionally, the leak includes business credentials that could facilitate corporate espionage, ransomware attacks, and theft of sensitive government information.
To safeguard against such threats, cybersecurity professionals recommend using strong, unique passwords, enabling multi-factor authentication, and regularly monitoring accounts. Google also offers a free tool to check if your login details have been exposed on the dark web.
