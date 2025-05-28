A cybersecurity researcher claimed to have found a publicly exposed database containing 184,162,718 unique login and password credentials, totalling a massive 47.42 GB of raw data. The cybersecurity researcher said he contacted several individuals using emails listed in the illegal database and claimed to have received a confirmation from them that the illegal database contained “their accurate and valid passwords.”(Representational image)

The researcher, Jeremiah Fowler, reported his findings to Websiteplanet.com last week and claimed that the database hosting critical data was itself not protected by a password.

Fowler claimed that he saw “thousands of files that included emails, usernames, passwords, and the URL links to the login or authorisation for the accounts.” The database reportedly contained login credentials of numerous applications and services, including email providers, Microsoft, Facebook, Instagram, Snapchat, Roblox and many other websites.

Also read | Hackers steal advertising agency’s data, demand ransom in Bitcoins

Who owns the illegal database?

The researcher claimed that the database's Whois information, which can be used to identify the registrant (owner) of a domain and their contact details, was “private” and there seemed to be “no verifiable method” to identify the real owner of the illegal database.

Folwer alleged that the hosting provider of the database refused to disclose their customer's information, and hence he could not establish if such large volumes of data was gathered for legitimate research purposes or exposed due to oversight.

According to the report, Fowler could also not establish how long the database was exposed or if anyone gained access to it. “The records exhibit multiple signs that the exposed data was harvested by some type of infostealer malware,” he wrote.

The researcher claimed that he does not know how such large volumes of data was collected, but stated that cybercriminals deploy a range of methods to deploy the malware and steal sensitive information.

Also read | Russian hackers target Western firms shipping aid to Ukraine, US intelligence says

Folwer also contacted several individuals using emails listed in the illegal database and claimed to have received confirmation from them that the illegal database contained “their accurate and valid passwords.”

He recommended users to be aware of sensitive information stored in their accounts and regularly delete “old, sensitive emails that contain PII, financial documents or any other important files.”

To guard against potential cyberattacks, Fowler urged users to change passwords annually and use unique and hard-to-guess passwords for every account. He also suggested activating two-factor-authentication and considering using password managers among other measures.