Blog
184M Plain-Text Passwords Leaked in Major Breach: Google, Apple, Instagram Users at Risk
Data Breaches

184M Plain-Text Passwords Leaked in Major Breach: Google, Apple, Instagram Users at Risk

Guardio Research Team
Insights & Guidance
Reviewed by
Sharon Blatt Cohen
June 12, 2025
5
min read
Updated on
June 25, 2025
184M plain-text passwords leaked in a massive breach, exposing Google, Apple, and Instagram. Data was unprotected, putting users at risk of identity theft and account hijacking. Learn what happened, what was exposed, and how to stay safe.
Table of Contents
184M plain-text passwords leaked in a massive breach, exposing Google, Apple, and Instagram. Data was unprotected, putting users at risk of identity theft and account hijacking. Learn what happened, what was exposed, and how to stay safe.

Key Takeaways

A massive credential dump has exposed 184 million usernames and passwords in plain text, many tied to services like Google, Apple, Microsoft, Instagram, and more. The credentials were found in a publicly accessible database—likely compiled from infostealer malware, a type of malicious software that harvests login data from infected devices. None of the listed platforms were breached directly. The data was likely stolen from users’ devices using infostealer malware.

What We Know About the Breach

In May 2025, cybersecurity researcher Jeremiah Fowler revealed his discovery of a publicly accessible database containing over 184 million unique account credentials —including usernames and plaintext passwords, stored without encryption or authentication.

The exposed records included login data for services like:

  • Google
  • Microsoft
  • Apple
  • Facebook
  • Instagram
  • Snapchat
  • As well as banking, healthcare, and government platforms

The database was publicly accessible with no password protection, and none of the credentials were encrypted—making it immediately useful to anyone who accessed it.

How It Happened

Experts believe the data was collected through infostealer malware—malicious software that quietly pulls browser-stored passwords, cookies, autofill data, and messages from infected devices. The resulting credentials are often compiled into massive logs and resold or leaked online. In this case, one such compilation was left fully exposed.

What Was Exposed

  • Usernames and passwords: Every record included login credentials in plain text.

  • Major platforms affected: Millions of logins for services like Gmail, iCloud, and Instagram.

  • Potential identity verification data: Some records may include extra details, increasing the risk of identity theft and unauthorized access.

Why This Breach Is Especially Dangerous


Unlike most breaches where passwords are encrypted or hashed, these credentials were stored in plain text—immediately usable by anyone who finds them.

Attackers don’t need any special tools or skills to use them. They can simply copy, paste, and log in. That opens the door to:

  • Account takeovers on email, cloud, financial, and social accounts

  • Phishing campaigns that appear legitimate

  • Financial fraud and identity theft

  • Access to private health data or sensitive files

What You Should Do Now

Check if your data was leaked

Guardio scans the dark web for exposed credentials. If you're a user, you’ll get alerted the moment your data appears in a breach.

Change affected passwords immediately

Start with your most sensitive accounts—email, banking, and cloud services. Use strong, unique passwords you haven't used elsewhere.

Enable multi-factor authentication (MFA)

Even if someone has your password, MFA can stop them from logging in. Use an authentication app or hardware key whenever possible.

Use a password manager

A password manager generates and stores unique, strong passwords for every account. It eliminates the need to reuse logins.

Monitor your accounts

Watch for unexpected login attempts, password reset emails you didn’t request, or new devices connected to your accounts.

How Guardio Helps

Guardio protects you before, during, and after breaches like this one:

  • Real-time alerts when your credentials are leaked

  • Password Watch to flag weak, reused, or compromised passwords

  • Phishing protection to block malicious login pages

  • Scam filtering for SMS-based phishing attempts

  • Dark web monitoring to detect exposed credentials

Build Better Security Habits

Data breaches are inevitable. The best defense is building strong digital habits that make you harder to hack:

  • Use long, random passwords or passphrases

  • Never reuse passwords across accounts

  • Enable MFA wherever possible

  • Delete sensitive emails that could be exploited

  • Keep software and devices updated to patch security holes

Final Thoughts

This exposure is a reminder that even if the platforms you use are secure, your credentials can still be compromised through other channels—like malware on your own device. When passwords are leaked in plain text, the threat is immediate and real.

You can’t prevent every breach—but you can control how exposed you are when one happens. Guardio helps you stay informed, protected, and ready, so you’re not left reacting after the damage is done.

{{component-cta-custom}}

CMS-based CTA:
Smart protection, built for how you live online
Stay ahead of threats with real-time insights and proactive protection.
Add Guardio to BrowserTake Security Quiz
Default CTA:
Smart protection, built for how you live online
Stay ahead of threats with real-time insights and proactive protection.
Add Guardio to BrowserTake Security Quiz
CMS-based "Did you know?" block
Did you know?
Default "Did you know?" block
Did you know?

Make sure you have a personal safety plan in place. If you believe someone is stalking you online and may be putting you at risk of harm, don’t remove suspicious apps or confront the stalker without a plan. The Coalition Against Stalkerware provides a list of resources for anyone dealing with online stalking, monitoring, and harassment.

Guardio Security Team
Guardio’s Security Team researches and exposes cyber threats, keeping millions of users safe online. Their findings have been featured by Fox News, The Washington Post, Bleeping Computer, and The Hacker News, making the web safer — one threat at a time.
Tips from the expert

Related articles

  • I've Been Breached: A Step-by-Step Guide to Protecting Your Data
  • Breaking Down MOAB: The Massive 26 Billion Data Breach
  • Why Your Password Habits Are Putting You at Risk
  • Best Practices to Protect Yourself From a Data Breach
  • What Pwned Means and Why It's Important

    • FAQs

    No items found.
    About the Author
    Guardio Research Team
    Insights & Guidance
    Guardio’s research team closely monitors phishing scams, identity theft tricks, and emerging online threats, sharing what we learn to help you stay safe.
    Table of Contents
    Heading 2
    Can You Spot a Scam Text Message?
    Test your skills and learn how to protect yourself from online scams.
    Take the quiz now
    Can You Spot a Scam Text Message?
    Test your skills and learn how to protect yourself from online scams.
    Take the quiz now
    Data Breaches
    Oct 31, 2024
    5
    min read

    Change Healthcare Data Breach: What It Means for 100 Million Americans and How to Stay Protected

    Learn More
    -->
    Data Breaches
    Dec 24, 2019
    3
    min read

    Facebook Exposed: Over 267 Million User Details Leaked

    Learn More
    -->
    Data Breaches
    May 7, 2020
    1
    min read

    GoDaddy Admits 28,000 Customers Were Affected in Data Breach

    Learn More
    -->
    Start for FreeStart for Free
    It couldn't be easier to protect yourself online
    "It blocked every single verified phishing fraud, for a perfect 100% score."
    PC MAG
    Start for FreeStart for Free