Blog
184M Plain-Text Passwords Leaked in Major Breach: Google, Apple, Instagram Users at Risk
Data Breaches

184M Plain-Text Passwords Leaked in Major Breach: Google, Apple, Instagram Users at Risk

Guardio Research Team
Insights & Guidance
Reviewed by
Sharon Blatt Cohen
June 12, 2025
5
min read
184M plain-text passwords leaked in a massive breach, exposing Google, Apple, and Instagram. Data was unprotected, putting users at risk of identity theft and account hijacking. Learn what happened, what was exposed, and how to stay safe.
Table of Contents
184M plain-text passwords leaked in a massive breach, exposing Google, Apple, and Instagram. Data was unprotected, putting users at risk of identity theft and account hijacking. Learn what happened, what was exposed, and how to stay safe.

Key Takeaways

A massive security lapse has exposed 184 million usernames and passwords in plain text, tied to Google, Apple, Microsoft, Instagram, and more. These unprotected credentials were discovered sitting in a publicly accessible database, giving cybercriminals everything they need to hijack accounts and steal identities.

Here’s what happened, why it’s so dangerous, and what you should do now to protect yourself.

{{component-cta-custom}}

What We Know About the Breach

In May 2025, cybersecurity researcher Jeremiah Fowler uncovered an unsecured database containing 184 million unique username-password pairs. The records were tied to popular services including:

  • Google

  • Apple

  • Microsoft

  • Facebook

  • Instagram

  • Snapchat

Even banking, healthcare, and government accounts were part of the leak. The database was publicly accessible—no password required—and none of the credentials were encrypted. It was a goldmine for cybercriminals.

How It Happened

Experts believe the data was collected through infostealer malware—malicious software that quietly pulls browser-stored passwords, cookies, autofill data, and messages from infected devices. These credentials were then compiled and dumped online, completely unprotected.

What Was Exposed

  • Usernames and passwords: Every record included login credentials in plain text.

  • Major platforms affected: Millions of logins for services like Gmail, iCloud, and Instagram.

  • Potential identity verification data: Some records may include extra details, increasing the risk of identity theft and unauthorized access.

Why This Breach Is Especially Dangerous

Most data breaches involve encrypted or hashed passwords. This one didn’t. These credentials were stored in plain text—readable, accessible, and immediately usable.

Attackers don’t need any special tools or skills to use them. They can simply copy, paste, and log in. That opens the door to:

  • Account takeovers on email, cloud, financial, and social accounts

  • Phishing campaigns that appear legitimate

  • Financial fraud and identity theft

  • Access to private health data or sensitive files

What You Should Do Now

Check if your data was leaked

Guardio scans the dark web for exposed credentials. If you're a user, you’ll get alerted the moment your data appears in a breach.

Change affected passwords immediately

Start with your most sensitive accounts—email, banking, and cloud services. Use strong, unique passwords you haven't used elsewhere.

Enable multi-factor authentication (MFA)

Even if someone has your password, MFA can stop them from logging in. Use an authentication app or hardware key whenever possible.

Use a password manager

A password manager generates and stores unique, strong passwords for every account. It eliminates the need to reuse logins.

Monitor your accounts

Watch for unexpected login attempts, password reset emails you didn’t request, or new devices connected to your accounts.

How Guardio Helps

Guardio protects you before, during, and after breaches like this one:

  • Real-time alerts when your credentials are leaked

  • Password Watch to flag weak, reused, or compromised passwords

  • Phishing protection to block malicious login pages

  • Scam filtering for SMS-based phishing attempts

  • Dark web monitoring to detect exposed credentials

Build Better Security Habits

Data breaches are inevitable. The best defense is building strong digital habits that make you harder to hack:

  • Use long, random passwords or passphrases

  • Never reuse passwords across accounts

  • Enable MFA wherever possible

  • Delete sensitive emails that could be exploited

  • Keep software and devices updated to patch security holes

Final Thoughts

This breach is a reminder that even trusted platforms can’t fully protect your data. When passwords are leaked in plain text, the threat is immediate and real.

You can’t prevent every breach—but you can control how exposed you are when one happens. Guardio helps you stay informed, protected, and ready, so you’re not left reacting after the damage is done.

{{component-cta-custom}}

CMS-based CTA:
Smart protection, built for how you live online
Stay ahead of threats with real-time insights and proactive protection.
Add Guardio to BrowserTake Security Quiz
Default CTA:
Smart protection, built for how you live online
Stay ahead of threats with real-time insights and proactive protection.
Add Guardio to BrowserTake Security Quiz
CMS-based "Did you know?" block
Did you know?
Default "Did you know?" block
Did you know?

Make sure you have a personal safety plan in place. If you believe someone is stalking you online and may be putting you at risk of harm, don’t remove suspicious apps or confront the stalker without a plan. The Coalition Against Stalkerware provides a list of resources for anyone dealing with online stalking, monitoring, and harassment.

Guardio Security Team
Guardio’s Security Team researches and exposes cyber threats, keeping millions of users safe online. Their findings have been featured by Fox News, The Washington Post, Bleeping Computer, and The Hacker News, making the web safer — one threat at a time.
Tips from the expert

Related articles

  • I've Been Breached: A Step-by-Step Guide to Protecting Your Data
  • Breaking Down MOAB: The Massive 26 Billion Data Breach
  • Why Your Password Habits Are Putting You at Risk
  • Best Practices to Protect Yourself From a Data Breach
  • What Pwned Means and Why It's Important

    • FAQs

    No items found.
    About the Author
    Guardio Research Team
    Insights & Guidance
    Guardio’s research team closely monitors phishing scams, identity theft tricks, and emerging online threats, sharing what we learn to help you stay safe.
    Table of Contents
    Heading 2
    Can You Spot a Scam Text Message?
    Test your skills and learn how to protect yourself from online scams.
    Take the quiz now
    Can You Spot a Scam Text Message?
    Test your skills and learn how to protect yourself from online scams.
    Take the quiz now
    Data Breaches
    Aug 22, 2024
    10
    min read

    Your Social Security isn’t safe: 2.9B records compromised in data breach

    Learn More
    -->
    Data Breaches
    Jan 29, 2024
    3
    min read

    Breaking down MOAB: The massive 26 billion data breach

    Learn More
    -->
    Data Breaches
    May 12, 2022
    3
    min read

    What PWNED Means and Why It's Important

    Learn More
    -->
    Start for FreeStart for Free
    It couldn't be easier to protect yourself online
    "It blocked every single verified phishing fraud, for a perfect 100% score."
    PC MAG
    Start for FreeStart for Free