A cybersecurity investigation conducted by expert Jeremiah Fowler has uncovered a massive open database containing user credentials from major platforms like Apple, Google, Microsoft, and Discord, as well as data from banking, healthcare, and government systems. The database includes a staggering 184 million records of usernames and passwords.
The total size of the database is 47.42 GB, and it was found publicly accessible on the servers of hosting provider "World Host Group." According to Fowler, this is one of the largest and most dangerous data leaks in recent years. Unlike previous breaches that typically involve a single platform, this leak includes data gathered from hundreds of thousands of different sources. Verification of some email addresses confirmed the authenticity of the leak.
The structure and content of the database suggest that the data was collected using info-stealer malware — malicious software that steals passwords from web browsers, messaging apps, and email clients. Some files were marked with the word “senha” (Portuguese for “password”), indicating a possible international origin of the data.
Although the database has since been taken offline, experts believe that cybercriminals may have already downloaded the data. Such information often resurfaces on the darknet or in Telegram channels and is used for future cyberattacks.
Users are strongly advised to change their passwords immediately, enable two-factor authentication, and avoid storing sensitive information in their email accounts.
