In yet another huge data breach, a massive number of account credentials such as logins and passwords to email and bank accounts have been exposed online. Cybersecurity researcher Jeremiah Fowler has in a report disclosed that he found a huge internet database of over 184 million unique account credentials.
Fowler discovered a file containing usernames, passwords, emails, and URLs for numerous apps and websites, including Facebook, Instagram, Snapchat, Microsoft, Apple, Google, and others. Not just that, credentials for government portals, health platforms, and bank and financial accounts were also included in the database.
The most dangerous bit was that there was no encryption on the file. The lack of password security or any other protection means millions of sensitive pieces of data are available in plain text for cybercriminals to misuse.
Data Stolen By Infostealer Malware
According to Fowler’s analysis, this data was obtained by an infostealer of some kind, which means the accounts and people exposed are susceptible to additional scams and malicious activity from cyber criminals.
Fowler was unsure whether this database was initially constructed maliciously or legitimately because the host would not provide the owner’s identity, even though they had taken it down from the public domain.
He also sent emails to several people in the file to verify the accuracy of the material. A number of them confirmed that the documents indeed had account passwords and other information.
Threats To Compromised Users
Fowler indicated that users whose data was stolen were open to:
Credential Stuffing Attacks: Users with the same password across several accounts are vulnerable to hackers who could test various password and email combinations across other websites.
Phishing And Social Engineering: Cybercriminals can obtain a history of a person’s contacts and chats and later target them with phishing attacks.
Ransomware And Espionage: Fowler found numerous business credentials in the compromised data. The attackers can use this information for corporate espionage, ransomware campaigns, and to steal company documents.
State And Government Attacks: Fowler observed many government accounts, which an attacker can use to target state organisations.
How To Protect Against Data Breach
Users can take certain steps to prevent misuse of data in the event of a breach. These include:
Change passwords if you think your old password could have been compromised.
Use strong and unique passwords and avoid using the same across sites.
Use a password manager and multi-factor authentication.
RECOMMENDED FOR YOU
2023 Parliament Security Breach: Delhi High Court Grants Bail To Two Accused
Jul 02, 2025
Don’t Change Your Passwords First — Steps To Secure Your Account After 16 Billion Passwords Leaked
Jun 23, 2025
Massive Data Breach: 16 Billion Passwords Leaked — Apple, Facebook, Google Logins Compromised
Jun 20, 2025
Key Iran Nuclear Enrichment Site Of Natanz Shows No Sign Of Breach
Jun 13, 2025
POPULAR