A security researcher has uncovered a massive exposed database containing login credentials for 184 million accounts across major services like Apple, Facebook, and Google, as well as government agencies in 29 countries. The database, discovered in early May, includes plaintext passwords and usernames, raising significant security concerns. Jeremiah Fowler, the researcher who found the 47-gigabyte trove, reported the breach to World Host Group, the hosting provider, which quickly shut down access to the database. The company described the data as content uploaded by a ‘fraudulent user’ and pledged to cooperate with law enforcement authorities.
Initial analysis of the database revealed 220 email addresses associated with government domains from countries including the United States, China, and Israel. Fowler, speaking to Wired, suspects that the data was compiled by cybercriminals using infostealer malware—a type of malicious software designed to steal sensitive information from users’ devices. The presence of plaintext passwords and usernames in the database underscores the potential for widespread identity theft and unauthorized access to sensitive accounts.
While the exact origin of the database remains unclear, the exposure of such a vast trove of login credentials highlights the ongoing vulnerabilities in online security. Cybersecurity experts warn that this incident could have far-reaching implications for both private individuals and government entities, as the data could be used for phishing attacks, credential stuffing, or other forms of cybercrime. The incident also raises questions about the effectiveness of current data protection measures and the need for improved security practices among digital service providers.