Over 184M passwords from Apple, Google, Facebook, Microsoft exposed in massive leak
A massive data leak has exposed over 184 million passwords from top platforms like Apple and Google, putting millions at risk of cyberattacks.
A recent discovery has exposed a vast number of passwords and sensitive data from major online platforms. Cybersecurity expert Jeremiah Fowler uncovered an unsecured database containing more than 184 million passwords along with email addresses and authorisation links online. The leaked information involved popular services such as Apple, Google, Facebook, Microsoft, Instagram, and Snapchat.

Ijaj Khan is a technology journalist and Senior Content Producer at Hindustan Times, with over three years of experience covering the consumer technology industry. His work spans smartphones, laptops, wearables, gaming, appliances and AI - from hands-on reviews, comparison and buying guides to breaking news and in-depth features that help readers cut through the noise and make informed decisions. Before joining HT Tech, he worked with Jagran New Media, where he sharpened his instincts for fast-paced digital reporting. He holds a Post Graduate Diploma in English Journalism and Mass Communication from the Indian Institute of Mass Communication (IIMC), Delhi. Whether he's testing the latest flagship smartphone, tracking a major AI announcement, or putting a gaming laptop through its paces, Ijaj approaches every story with the same goal - making technology feel relevant and easy to understand for everyday users, not just enthusiasts. When he's not in front of a screen for work, he's usually travelling to a new city, hunting for great food, or keeping tabs on what's next in tech before everyone else catches on.
Read moreRead less
The exposed data goes beyond just passwords. It includes login details for banks, financial institutions, health services, and government portals. Unlike typical databases that protect such information through encryption, this database was stored as a plain text file, making the information easily accessible to anyone who found it online, The Indian Express reported.
Also read: Microsoft launches Xbox Copilot beta on Android app to assist gamers with real-time support
Data Possibly Collected Using Malware
Fowler’s investigation suggests that the data may have been collected using infostealing malware. This type of malicious software, such as Lumma Stealer, collects usernames, passwords, credit card details, and other sensitive information from compromised systems. The stolen data is often sold on the dark web to cybercriminals.
Upon finding the unsecured file, Fowler notified the hosting provider responsible for storing the database. The hosting company quickly restricted public access to the file, but it declined to provide information about the owner. To verify the authenticity of the leak, Fowler reached out to several individuals whose details appeared in the database. They confirmed that their credentials had indeed been exposed.
Also read: Uber users can now book Delhi Metro tickets within the app: Here’s how to do it
Users and Businesses Face Higher Risk
Experts warn that individuals who reuse the same password and username across multiple platforms face higher risks. Once cybercriminals access one account, they can exploit personal data for identity theft, fraud, and scams. The breach also included business accounts, which put company records and operations at risk. Threat actors could use such information to steal business data, conduct espionage, or launch ransomware attacks. The leak even contained login details for certain government services and private conversations.
Also read: PlayStation Days of Play Sale: Spider-Man 2, God of War Ragnarök, and more games get big price cuts
Basic Steps Can Help Reduce Risk
While no method guarantees full protection against data breaches, experts advise using strong, unique passwords and changing them regularly. Multi-factor authentication adds an extra layer of security. Additionally, Google offers a free tool to check if your credentials have appeared in data leaks online. Users should remain vigilant and update their security practices to reduce the impact of such incidents.
ABOUT THE AUTHORMD Ijaj KhanIjaj Khan is a technology journalist and Senior Content Producer at Hindustan Times, with over three years of experience covering the consumer technology industry. His work spans smartphones, laptops, wearables, gaming, appliances and AI - from hands-on reviews, comparison and buying guides to breaking news and in-depth features that help readers cut through the noise and make informed decisions. Before joining HT Tech, he worked with Jagran New Media, where he sharpened his instincts for fast-paced digital reporting. He holds a Post Graduate Diploma in English Journalism and Mass Communication from the Indian Institute of Mass Communication (IIMC), Delhi. Whether he's testing the latest flagship smartphone, tracking a major AI announcement, or putting a gaming laptop through its paces, Ijaj approaches every story with the same goal - making technology feel relevant and easy to understand for everyday users, not just enthusiasts. When he's not in front of a screen for work, he's usually travelling to a new city, hunting for great food, or keeping tabs on what's next in tech before everyone else catches on.Read More

E-Paper




Black




