Overview

• Cybersecurity researcher Jeremiah Fowler discovered an unsecured, unencrypted database containing over 184 million passwords tied to Apple, Google, Facebook, Microsoft, Instagram and Snapchat.
• The exposed data extended beyond social media to include banking, health portals, financial services, government platforms and business systems.
• Fowler notified hosting provider World Host Group, which promptly restricted public access to the database while withholding information about its owner.
• Analysis indicates the credentials were likely harvested using infostealing malware such as Lumma Stealer and may have been sold on the dark web.
• Experts urge all users to adopt strong, unique passwords, enable multi-factor authentication and regularly update credentials to guard against identity theft and ransomware.