A massive credential dump has exposed 184 million usernames and passwords in plain text, many tied to services like Google, Apple, Microsoft, Instagram, and more. The credentials were found in a publicly accessible database—likely compiled from infostealer malware, a type of malicious software that harvests login data from infected devices. None of the listed platforms were breached directly. The data was likely stolen from users’ devices using infostealer malware.
In May 2025, cybersecurity researcher Jeremiah Fowler revealed his discovery of a publicly accessible database containing over 184 million unique account credentials —including usernames and plaintext passwords, stored without encryption or authentication.
The exposed records included login data for services like:
The database was publicly accessible with no password protection, and none of the credentials were encrypted—making it immediately useful to anyone who accessed it.
Experts believe the data was collected through infostealer malware—malicious software that quietly pulls browser-stored passwords, cookies, autofill data, and messages from infected devices. The resulting credentials are often compiled into massive logs and resold or leaked online. In this case, one such compilation was left fully exposed.
Unlike most breaches where passwords are encrypted or hashed, these credentials were stored in plain text—immediately usable by anyone who finds them.
Attackers don’t need any special tools or skills to use them. They can simply copy, paste, and log in. That opens the door to:
Guardio scans the dark web for exposed credentials. If you're a user, you’ll get alerted the moment your data appears in a breach.
Start with your most sensitive accounts—email, banking, and cloud services. Use strong, unique passwords you haven't used elsewhere.
Even if someone has your password, MFA can stop them from logging in. Use an authentication app or hardware key whenever possible.
A password manager generates and stores unique, strong passwords for every account. It eliminates the need to reuse logins.
Watch for unexpected login attempts, password reset emails you didn’t request, or new devices connected to your accounts.
Guardio protects you before, during, and after breaches like this one:
Data breaches are inevitable. The best defense is building strong digital habits that make you harder to hack:
This exposure is a reminder that even if the platforms you use are secure, your credentials can still be compromised through other channels—like malware on your own device. When passwords are leaked in plain text, the threat is immediate and real.
You can’t prevent every breach—but you can control how exposed you are when one happens. Guardio helps you stay informed, protected, and ready, so you’re not left reacting after the damage is done.
{{component-cta-custom}}