Cybersecurity expert Jeremiah Fowler has revealed a massive data breach involving 184 million login and password records.
He found the exposed data on an online database that was not protected by a password or encryption.
The database contained over 184 million usernames and passwords, adding up to 47.42 GB of raw data. It included login details for popular services like Facebook, Instagram, Microsoft, Snapchat, Roblox, and even bank accounts, government sites, and health platforms. This kind of exposure could put millions of people around the world at serious risk.
Fowler traced the database to two domain names, but one is inactive and the other is unregistered. Since the owner used private registration, there’s no clear way to find out who created the database. Fowler quickly notified the hosting provider, and access to the database was restricted soon after.
Fowler believes the data was likely stolen using InfoStealer malware. This type of malware is designed to collect sensitive data, like usernames, passwords, browser autofill info, cookies, and even crypto wallet details. It often spreads through phishing emails, fake websites, or cracked software. Once the malware infects a system, it silently collects data and either sells it on dark web forums or uses it for fraud and identity theft.
In screenshots shared by Fowler, the files were labeled with the Portuguese word “senha” (meaning password), even though the rest of the text was in English. This might suggest a possible connection to Portuguese-speaking cybercriminals.
To confirm the breach was real, Fowler contacted several people listed in the database. Some confirmed that their actual passwords were exposed, proving that the data is authentic.
