184 Million Logins Leaked Online in One of the Largest Credential Breaches to Date

Cybersecurity researcher Jeremiah Fowler has reported the discovery of a massive exposed database containing 184 million login credentials for services including Apple, Google, Microsoft, Discord, as well as various banking, medical, and government platforms.

The file, totaling 47.42 GB, was found publicly accessible on servers belonging to hosting provider World Host Group. According to Fowler, this is one of the largest and most dangerous breaches in recent memory. Unlike typical leaks that focus on a single service, this dataset includes credentials from hundreds of thousands of different sources. Verification of several email addresses confirmed the data is authentic.

The structure and content of the database suggest the credentials were gathered via infostealers — malicious software designed to extract passwords from browsers, messengers, and email clients. Some files were labeled with the Portuguese word “senha” (meaning “password”), indicating the breach may have an international origin.

Although the database has since been taken offline, experts warn that it was likely copied before being removed. Datasets like this frequently resurface on the dark web or in Telegram groups and are often used for further cyberattacks. Users are advised to change their passwords, enable two-factor authentication, and avoid storing sensitive data in email.