Jeremiah Fowler, a cybersecurity researcher at WebsitePlanet, stumbled upon a database containing 184 million login credentials and passwords. The directory lacked any protection. In other words, anyone could connect to the server to view the information.
The file contains "18,416,718 unique logins and passwords, totaling 47.42 GB of raw credential data," the researcher explains in a paper published on May 22, 2025. The database includes passwords for Apple, Amazon, Discord, Facebook, Google, Instagram, PayPal, Snapchat, X, WordPress, and Yahoo.
That's not all. The directory also included "credentials for bank and financial accounts, healthcare platforms, and government portals in many countries." It's a veritable mine of sensitive data. With this information, a hacker can log into online accounts or set up formidable scams.
This isn't the first time Fowler has uncovered compromised databases in open access. Three months ago, the researcher had already gotten his hands on 2.7 billion compromised Wi-Fi passwords and IP addresses online.
Authentic Data
Jeremiah Fowler was able to confirm the authenticity of some of the data by contacting the people concerned. He explains that he sent "a message to several email addresses listed in the database." With the responses, he was able to validate several files "because these people confirmed that the files contained their exact and valid passwords." Subsequently, the researcher contacted the file's host. This restricted access to the directory for security reasons.
According to the researcher, the database was compiled by a cybercriminal. The hacker likely used infostealer malware to achieve his goals. Having infiltrated users' devices, the virus sucked up a large amount of information. The "records show several clues indicating that the exposed data was collected by a type of malware called an infostealer." This type of virus is deployed through several methods, including phishing emails and malicious advertisements. Among the most widely used infostealers are Lumma Stealer, whose infrastructure has just been dismantled, Redline, Raccoon, and Meta Stealer.
A "dream" for hackers
Once sucked up, the information was then gathered into a single file… left for all to see. It is unknown how long the database was exposed before Jeremiah Fowler intervened. Similarly, it is unknown whether a third party was able to consult the directory before him. In any case, the directory is "a dream come true for cybercriminals."
Source: Website Planet
0 Comments