Image by Cedrik Wesche, from Unsplash
Massive Database Leak Exposes 184 Million Login Records From Major Platforms
Reading time: 2 min
Last Updated: May 23, 2025
-
![Kiara Fabbri]()
-
![Sarah Frazier]()
Fact-Checked by Sarah Frazier Content Manager
A huge unsecured database leaked 184 million login credentials, including government emails, risking identity theft and widespread cyber attacks worldwide.
In a rush? Here are the quick facts:
- Data included usernames and plain-text passwords from Apple, Google, Facebook.
- Government accounts from 29 countries were part of the leaked data.
- The database was likely compiled by hackers using infostealer malware.
A huge database containing 184 million login details—including accounts from Apple, Google, Facebook, and many others—was recently discovered online, as revealed in a report by WIRED. The leak included usernames and plain-text passwords, putting millions of people and dozens of government accounts at risk.
WIRED reports that security researcher Jeremiah Fowler discovered the unsecured Elastic database during early May. Fowler described this incident as remarkable because it involved an enormous number of different accounts.
“This is probably one of the weirdest ones I’ve found in many years,” he told WIRED. “As far as the risk factor here, this is way bigger than most of the stuff I find, because this is direct access into individual accounts. This is a cybercriminal’s dream working list,” he added.
The exposed data included login credentials from Facebook, Google, Instagram, Netflix, PayPal, Amazon, and Apple. The sample data revealed email addresses from government agencies in at least 29 countries including the U.S., U.K., India and China—highlighting serious national security concerns.
Fowler believes the hackers obtained the data through malware known as an infostealer, which steals login information from compromised computers.
“It’s the only thing that makes sense, because I can’t think of any other way you would get that many logins and passwords from so many services all around the world,” Fowler told WIRED.
The database operated from World Host Group’s servers. The server operated under fraudulent control until the company shut it down.“Our legal team is reviewing any information we have that might be relevant for law enforcement,” said CEO Seb de Lemos, as reported by WIRED.
Though the leak is closed, experts warn the exposed login credentials could already have been stolen and misused for fraud or identity theft.
Previous Story
Latest articles 
