A cybersecurity researcher has discovered an unprotected online database exposing over 184 million unique login credentials tied to major platforms including Google, Meta (Facebook, Instagram), Apple, Microsoft, Snapchat, Roblox, and more.

Jeremiah Fowler, the researcher behind the discovery, reported that the 47.42GB database contained sensitive details like emails, usernames, passwords, and direct login URLs. The data appears to have been harvested through infostealer malware, often embedded in phishing emails, malicious sites, or pirated software.

The exposed credentials also included access to banking services, health platforms, and even government portals—putting users at serious risk of identity theft, fraud, and further cyberattacks.

While the origin of the database remains unclear, its IP address was linked to two domain names—one inactive and the other unregistered. Most filenames used the Portuguese word “senha” (password), hinting at a possible region of origin.

Fowler validated several records by contacting affected individuals, confirming their email-password combinations were accurate and currently in use. He notified the hosting provider, which has since removed the database, but did not disclose who owned it.

Security experts, including AppOmni’s Chief Security Officer Cory Michal, stress that while leaked credentials are often traded on dark web forums, the scale and freshness of this breach make it particularly dangerous. Michal noted that identity providers tied to SaaS and cloud services are prime targets, heightening the potential for downstream account takeovers.

Fowler urges users to change their passwords immediately and avoid storing sensitive files—like medical documents or tax records—in their email. Instead, he recommends using encrypted cloud services for secure data sharing.

This breach underscores the growing threat of credential theft and highlights the urgent need for better personal cybersecurity practices and data protection awareness.

Stay ahead of emerging cybersecurity threats. For the latest insights and updates on cloud security, follow SOC News.

News Source: ITPro.com