In May 2025, cybersecurity expert, Jeremiah Fowler, identified an unprotected database that contained over 184 million login and password credentials for popular platforms like Facebook, Google, and Microsoft.
The database was unencrypted and unprotected, comprising 47.42 GB of raw plain-text data, translating into 184,162,718 credentials. According to Fowler, this data was likely extracted via an infostealer malware attack.
The database showing entries from Facebook, Roblox, Google, NHS, Live, Microsoft, Discord, and Snapchat. (Credit: Jeremiah Fowler)
This data breach contains plain-text user credentials and authorization URLs for the following services:
Fowler verified the accuracy of the stolen data by contacting some of the users of the leaked emails, who confirmed the credentials were theirs. Additionally, there’s a high suspicion that the data was acquired via an infostealer malware cyberattack, which can be achieved by pulling data from an infected system. This type of cyberattack targets browser-stored passwords, messaging apps, email clients, autofill data, cookies, and more.
A list view of how the accounts were organized inside the database. (Credit: Jeremiah Fowler)
Unfortunately, data breaches are now common, and the number of people whose credentials have been leaked is astonishing. Hackers have developed highly sophisticated breaching mechanisms that can go unnoticed for long periods, giving them time to sell or exploit them for malicious activities, such as identity theft.
Whether you’ve already been affected by exposed information or not, you must follow the best practices to protect yourself in case of a data breach. This offers more control over your data and provides multiple ways to protect yourself even after having your credentials exposed.
Share your thoughts, ask questions, and connect with other users. Your feedback helps our community make better decisions.
©2012-2025 Best Reviews, a clovio brand –
All rights
reserved
