Particle.news
Download on the App Store
12 ARTICLES
·
3mo ago

Unencrypted Database of 184 Million Credentials Taken Offline After Infostealer Breach

A security researcher’s alert prompted the hosting provider to shut down public access to the database.

Image
The cybersecurity researcher said he contacted several individuals using emails listed in the illegal database and claimed to have received a confirmation from them that the illegal database contained “their accurate and valid passwords.”
An unencrypted database with more than 184 million passwords has leaked, exposing users' credentials for Facebook, Instagram, Snapchat, and more.
Image

Overview

  • Cybersecurity researcher Jeremiah Fowler discovered the 47 GB plaintext database in early May, exposing 184,162,718 unique logins for platforms including Google, Microsoft, Facebook, banking services and government portals.
  • Forensic analysis indicates the credentials were harvested by infostealer malware that captured stored passwords, autofill data and cookies from infected devices.
  • The database lacked encryption and password protection, leaving sensitive account information accessible to anyone who found it.
  • World Host Group removed the exposed files after Fowler’s notification, but the database owner’s identity and purpose—whether research or criminal—remain undetermined.
  • Experts advise users to reset affected passwords, enable two-factor authentication and monitor accounts for suspicious activity to guard against credential stuffing and identity theft.