Cybersecurity researcher Jeremiah Fowler has uncovered a massive trove of exposed login credentials linked to suspected infostealer malware activity, raising serious global concerns about data privacy and identity theft.
Fowler discovered a non-password-protected and unencrypted database holding more than 184 million unique usernames and passwords, totaling 47.42 GB of raw data. The breach was reported to Website Planet, and access to the database was promptly restricted following responsible disclosure to the hosting provider.
The database, linked to two anonymous domains, included credentials from platforms like Facebook, Microsoft, Google, Discord, Roblox, Instagram, and even government and financial portals from around the world.
He also identified sensitive corporate and government account data among the records, potentially exposing users to credential stuffing, account takeovers, espionage, and phishing campaigns.
“The files were labeled with the Portuguese word for password, ‘senha,’ though the rest of the data was in English,” Fowler noted. Attempts to validate the exposed data confirmed that several credentials were indeed real and active.
While the source of the data is unconfirmed, its structure strongly suggests it was harvested by infostealer malware, malicious software that collects login credentials, autofill data, cookies, and even crypto wallet info from infected systems. Such malware is often delivered via phishing emails, malicious websites, or pirated software.
The breach highlights the growing threat of automated cyberattacks. Without two-factor authentication, compromised accounts are particularly vulnerable. Fowler stressed that many users still reuse passwords across multiple accounts, making it easier for malefactors to breach several systems at once.
In response to the exposure, Fowler advises users to:
- Regularly change passwords and use unique credentials for each service
- Enable two-factor authentication (2FA)
- Monitor for suspicious activity and use breach-checking tools
- Consider password managers and antivirus or EDR tools for added protection
Though the database is no longer accessible, Fowler warns that similar caches may still be circulating in criminal forums or Telegram groups. He emphasized that handling or distributing stolen credentials is a criminal offense in many jurisdictions, including under U.S. and EU laws.
Fowler did not download the data or engage with it beyond documenting the breach, saying his only goal is to raise awareness and help organizations prevent exposures of this nature.
The incident is a stark reminder of how easily sensitive data can fall into the wrong hands, and the importance of maintaining strong personal and organizational cybersecurity hygiene.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.