Security researcher Jeremiah Fowler recently stumbled on a large database of login information and passwords containing more than 184 million records. He described the find in an article on Website Planet.
The data was not encrypted in any form and was publicly accessible, which meant that anyone who knew of its existence could download it.
The sheer size of the database, over 47 gigabytes of data, makes it one of the largest leaks in recent history. In early 2024, a password dump of 70 million records was discovered.
An initial sample of the data revealed emails, usernames, passwords, and links to the login or authorization pages. Fowler found login information and passwords for a wide range of services in the dump. Notable products and services include Facebook, Instagram, Snapchat, Microsoft products, Google, Discord and the NHS.
Fowler discovered the database in early May 2025 and reported it to the web hosting company, which restricted public access shortly afterwards to prevent the spread of the data. He wrote to several email accounts found in the database to verify the authenticity of the data and was able to confirm it based on the answers he received.
The security researcher suspects that it may be an infostealer dump. Infostealer malware is designed to copy sensitive information, including passwords, cookies, recovery keys, and credit card numbers, from the infected system.
Potential risks
Cyber criminals can use the exposed credentials and other sensitive data for various attacks or for profit:
- Credential stuffing: Attackers try username and password combinations on popular sites. Many internet users use the same username and password across sites. Get access to one, get possible access to all.
- Account takeover: Changing the password of an account can prevent the original owner from signing in, especially if identifying information, such as linked email addresses or phone numbers, is also changed.
- Corporate / government infiltration: Get access to corporate or government networks through employees' accounts.
- Phishing and social engineering: Attacks can be carried out against the email addresses or mobile phone numbers found in the dump.
How to protect your accounts
The database is no longer available online and has not been integrated into a service such as Have I Been Pwned yet. Users can improve the security of their online accounts as a precautionary measure.
Here are our suggestions:
- Ensure that each online account uses a secure, unique password. Avoid dictionary words and names in passwords, and mix numbers, upper- and lower-case letters, and special characters. A password manager is your friend.
- Enable two-factor authentication, especially for high-value accounts, e.g., PayPal, your email account, bank accounts, and so on.
- Optional: Passkeys or security keys for additional protection.
- Protect sensitive data, such as financial documents, tax information, medical documents, private photos and videos. Encryption is important.
- Do not store sensitive information in email accounts or online.
- Use a good antivirus and keep it up to date to protect against the bulk of online dangers.
Now you: Do you have any suggestions for staying safe online? Feel free to share them with everyone in the comment section below.