184M Plain-Text Passwords Leaked in Major Breach: Google, Apple, Instagram Users at Risk

A massive credential dump has exposed 184 million usernames and passwords in plain text, many tied to services like Google, Apple, Microsoft, Instagram, and more. The credentials were found in a publicly accessible database—likely compiled from infostealer malware, a type of malicious software that harvests login data from infected devices. None of the listed platforms were breached directly. The data was likely stolen from users’ devices using infostealer malware.

What We Know About the Breach

In May 2025, cybersecurity researcher Jeremiah Fowler revealed his discovery of a publicly accessible database containing over 184 million unique account credentials —including usernames and plaintext passwords, stored without encryption or authentication.

The exposed records included login data for services like:

• Google
  ‍
• Microsoft
  ‍
• Apple
  ‍
• Facebook
  ‍
• Instagram
  ‍
• Snapchat
  ‍
• As well as banking, healthcare, and government platforms
  ‍
  

The database was publicly accessible with no password protection, and none of the credentials were encrypted—making it immediately useful to anyone who accessed it.

How It Happened

Experts believe the data was collected through infostealer malware—malicious software that quietly pulls browser-stored passwords, cookies, autofill data, and messages from infected devices. The resulting credentials are often compiled into massive logs and resold or leaked online. In this case, one such compilation was left fully exposed.

What Was Exposed

• Usernames and passwords: Every record included login credentials in plain text.
  
  
• Major platforms affected: Millions of logins for services like Gmail, iCloud, and Instagram.
  
  
• Potential identity verification data: Some records may include extra details, increasing the risk of identity theft and unauthorized access.
  
  

Why This Breach Is Especially Dangerous

Unlike most breaches where passwords are encrypted or hashed, these credentials were stored in plain text—immediately usable by anyone who finds them.

Attackers don’t need any special tools or skills to use them. They can simply copy, paste, and log in. That opens the door to:

• Account takeovers on email, cloud, financial, and social accounts
  
  
• Phishing campaigns that appear legitimate
  
  
• Financial fraud and identity theft
  
  
• Access to private health data or sensitive files
  
  

What You Should Do Now

Check if your data was leaked

Guardio scans the dark web for exposed credentials. If you're a user, you’ll get alerted the moment your data appears in a breach.

Change affected passwords immediately

Start with your most sensitive accounts—email, banking, and cloud services. Use strong, unique passwords you haven't used elsewhere.

Enable multi-factor authentication (MFA)

Even if someone has your password, MFA can stop them from logging in. Use an authentication app or hardware key whenever possible.

Use a password manager

A password manager generates and stores unique, strong passwords for every account. It eliminates the need to reuse logins.

Monitor your accounts

Watch for unexpected login attempts, password reset emails you didn’t request, or new devices connected to your accounts.

How Guardio Helps

Guardio protects you before, during, and after breaches like this one:

• Real-time alerts when your credentials are leaked
  
  
• Password Watch to flag weak, reused, or compromised passwords
  
  
• Phishing protection to block malicious login pages
  
  
• Scam filtering for SMS-based phishing attempts
  
  
• Dark web monitoring to detect exposed credentials
  
  

Build Better Security Habits

Data breaches are inevitable. The best defense is building strong digital habits that make you harder to hack:

• Use long, random passwords or passphrases
  
  
• Never reuse passwords across accounts
  
  
• Enable MFA wherever possible
  
  
• Delete sensitive emails that could be exploited
  
  
• Keep software and devices updated to patch security holes
  
  

Final Thoughts

This exposure is a reminder that even if the platforms you use are secure, your credentials can still be compromised through other channels—like malware on your own device. When passwords are leaked in plain text, the threat is immediate and real.

You can’t prevent every breach—but you can control how exposed you are when one happens. Guardio helps you stay informed, protected, and ready, so you’re not left reacting after the damage is done.

{{component-cta-custom}}