A massive leak exposed 184 million login records, including Apple IDs and plain text passwords. The database sat unprotected on a public server. It also held credentials for Google, Facebook, Instagram, Microsoft, PayPal, and more. Many of these logins are linked to banks, health platforms, and government portals.
Security researcher Jeremiah Fowler found the open server while scanning the web. He confirmed the records were real by contacting some of the people listed. Several responded and verified the leaked passwords.
Malware Likely Stole the Credentials
Fowler believes infostealer malware gathered the data. This malware grabs saved passwords from web browsers, email apps, and crypto wallets. Criminals often spread it through phishing emails and pirated software.
Each record listed the type of account, login link, and password. The password field was labeled “Senha,” the Portuguese word for password. In a 10,000-record sample, Fowler found hundreds of accounts from Facebook, Google, Instagram, Roblox, Discord, Microsoft, PayPal, and Amazon. The sample also included over 200 government email addresses from at least 29 countries.
Hosting Company Shut Down the Server
The server used hosting services from World Host Group. After Fowler alerted them, the company blocked access. A spokesperson said a fraudulent user likely uploaded the data. They have now shut down the server and are working with law enforcement.
The database is no longer online, but it’s unclear if others accessed it before it was taken down. The sheer volume and type of data pose serious risks. Criminals could use these logins to steal money, data, or access other systems.