Incident

Unsecured database of stolen credentials leaks 184 million credentials



Cybersecurity researcher Jeremiah Fowler has discovered and reported a data leak through a non-password-protected database containing 184 million login and password credentials. 

The database, totaling 47.42 GB (184,162,718 unique logins), was publicly accessible without password protection. The credentials appear to have been harvested through infostealer malware campaigns.

Infostealer malware is specifically designed to extract sensitive information from infected systems, typically targeting credentials stored in web browsers, email clients, and messaging applications. Infostealers also steal autofill data, cookies, cryptocurrency wallet information, and in some cases capture screenshots or log keystrokes from compromised devices.

The compromised database included:

  • Email addresses
  • Usernames
  • Passwords
  • URL links to login and authorization pages for various accounts
  • Credentials for email providers
  • Microsoft product logins
  • Social media credentials (Facebook, Instagram, Snapchat)
  • Gaming platform access (Roblox)
  • Banking and financial account credentials
  • Health platform login information
  • Government portal credentials from multiple countries

The database files were notably labeled as "senha" (Portuguese for "password") while all other text appeared in English. It's very probable that the credentials are already present in various other lists, but this collection is quite concerning as a single searchable resource for so many targets at once.

Fowler confirmed the authenticity of the exposed data by contacting multiple email addresses listed in the database. Several individuals confirmed that the records contained their accurate and valid passwords.

Fowler immediately sent a responsible disclosure notice to the hosting provider, and the database was restricted from public access. The hosting provider declined to disclose customer information and the owner of the database couldn't be identified through OSINT.
