Database Breach Exposes 184 Million Stolen Emails and Passwords from Infostealers

Cybersecurity researcher Jeremiah Fowler has uncovered a misconfigured cloud server that exposed an astonishing 184 million login credentials, likely gathered through infostealer malware.

Jeremiah Fowler, a cybersecurity expert, found an unsecured database housing over 184 million unique usernames and passwords. His findings, which were shared with Hackread.com, reveal that this exposed data constituted approximately 47.42 gigabytes of sensitive information.

A Massive Data Leak

The database lacked both password protection and encryption, containing login information for various online services. These included widely-used email providers, major tech platforms such as Microsoft, and prominent social media sites like Facebook, Instagram, Snapchat, and Roblox.

Notably, the leak also contained credentials for bank accounts, health platforms, and even governmental portals from multiple countries, increasing the vulnerability of unsuspecting individuals. Fowler verified the authenticity of several records by reaching out to individuals whose email addresses appeared in the database; many confirmed that the passwords listed were indeed valid.

Following his discovery, Fowler promptly alerted the hosting provider, which removed the database from public access shortly afterwards. The database's IP address resolved to two domain names: one appeared to be unregistered, and the other used private registration, so the owner of this extensive data cache remains unidentified.

It remains uncertain how long this sensitive data was left exposed and whether other malicious actors had accessed it prior to Fowler’s discovery. The hosting provider has declined to disclose any customer information, leaving the motive behind the data collection—whether for criminal purposes or legitimate research—ambiguous.

The Infostealer Connection

This database most likely belonged to cybercriminals who harvested the credentials with infostealer malware and then exposed their own repository through a misconfiguration. Infostealers are widely used in the criminal underground; even the U.S. military and the FBI have reported compromises traced back to infostealer logs, and the malware itself can be bought for as little as $10.

Infostealer malware is engineered to covertly gather sensitive information from infected systems, specifically targeting saved login credentials from web browsers, email clients, and messaging applications.

Fowler’s findings resonate with recent reports on the joint initiative by Microsoft and Europol to disrupt the Lumma Stealer infrastructure, which had infected over 394,000 Windows devices globally. This context underscores the severe threat indicated by Fowler’s discovery.

Fowler's analysis suggests that the leaked data, which typically consisted of raw credentials paired with the URL of the login page they belong to, matches exactly what infostealers such as Lumma are built to extract. He could not definitively identify the specific malware behind this collection, but the shape of the data strongly points to an infostealer origin.
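The "URL, username, password" record layout described above is what a defender has to triage when a dump like this surfaces. The following is an added example, not code from the article or from Fowler's investigation, and the dump lines in it are constructed: it parses records in that layout (splitting from the right so the colons inside a URL survive), flags accounts belonging to a hypothetical corporate domain, and reports users whose password appears against more than one site, which is exactly the reuse that makes credential stuffing work.

```python
"""Triage an infostealer-style credential dump (added example; sample data is constructed)."""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the common "URL:username:password" layout.
# Hosts and accounts are fictitious (.test / .example names).
SAMPLE_DUMP = """\
https://login.example-bank.test/auth:alice@corp.example:Summer2024!
https://mail.provider.test/login:alice@corp.example:Summer2024!
https://www.social.test/login:bob@gmail.test:hunter2
https://portal.gov.test:3443/sso:carol@corp.example:Tr0ub4dor&3
https://www.social.test/login:carol@corp.example:Tr0ub4dor&3
not a valid record
"""


def parse_record(line):
    """Return (host, user, password) for a 'URL:user:password' line, or None.

    Splitting from the right keeps the scheme and port colons inside the URL.
    Caveat: a password that itself contains ':' cannot be split unambiguously
    in this layout; dumps that use another delimiter need a different splitter.
    """
    line = line.strip()
    if not line:
        return None
    parts = line.rsplit(":", 2)
    if len(parts) != 3 or "://" not in parts[0]:
        return None
    url, user, password = parts
    host = urlsplit(url).hostname
    if not host or not user or not password:
        return None
    return host, user.lower(), password


def triage(dump, corporate_domains):
    """Summarise a dump: record count, hits on our domains, and cross-site reuse."""
    records = [r for r in (parse_record(l) for l in dump.splitlines()) if r]

    # user -> password -> set of hosts where that exact password was captured
    passwords_by_user = defaultdict(lambda: defaultdict(set))
    for host, user, password in records:
        passwords_by_user[user][password].add(host)

    corporate_accounts = sorted(
        u for u in passwords_by_user if u.rsplit("@", 1)[-1] in corporate_domains
    )

    # A user is "reused" when one password was captured for two or more hosts.
    reused = {}
    for user, pw_map in passwords_by_user.items():
        shared = sorted({h for hosts in pw_map.values() if len(hosts) > 1 for h in hosts})
        if shared:
            reused[user] = shared

    return {
        "records": len(records),
        "corporate_accounts": corporate_accounts,
        "reused": reused,
    }


if __name__ == "__main__":
    # Hypothetical corporate domain to look for in the dump.
    print(triage(SAMPLE_DUMP, {"corp.example"}))
```

In practice the corporate-domain hits go straight to a forced password reset and session revocation for those accounts, and the reuse list is the set of users whose other accounts should be assumed compromised as well.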

Cases of cybercriminals unintentionally exposing their own databases are not uncommon. Recently, the notorious hacking groups ShinyHunters and Nemesis were reported to have targeted exposed AWS S3 buckets, only to incidentally leak their own data in the process.

Protection Against Infostealers

A corpus of this size gives cybercriminals a significant advantage: the username and password pairs can be replayed against other services (credential stuffing) to take over any account where the same password was reused. Those account takeovers open the door to personal information, and with it to identity theft and financial fraud.
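Credential stuffing has a recognisable footprint on the receiving end: one source address failing against many different usernames in a short window, rather than many attempts against one account. The detection below is an added example, not code from the article; the authentication log lines are constructed, with a hypothetical `src=/user=/result=` format. It flags sources that fail against at least five distinct users within five minutes and then lists any successful logins from those same sources, which are the candidate account takeovers to investigate first.

```python
"""Detect credential-stuffing patterns in authentication logs (added example; log lines are constructed)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical log format: ISO timestamp, source address, username, OK/FAIL.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample. 203.0.113.7 sprays many users (stuffing) and lands one
# success; 198.51.100.9 hammers a single account (brute force, a different rule);
# 192.0.2.5 is a normal login.
SAMPLE_LOG = """\
2025-05-22T10:00:01Z src=203.0.113.7 user=alice result=FAIL
2025-05-22T10:00:03Z src=203.0.113.7 user=bob result=FAIL
2025-05-22T10:00:05Z src=203.0.113.7 user=carol result=FAIL
2025-05-22T10:00:08Z src=203.0.113.7 user=dave result=FAIL
2025-05-22T10:00:11Z src=203.0.113.7 user=erin result=FAIL
2025-05-22T10:00:14Z src=203.0.113.7 user=frank result=OK
2025-05-22T10:00:16Z src=203.0.113.7 user=grace result=FAIL
2025-05-22T10:00:02Z src=198.51.100.9 user=alice result=FAIL
2025-05-22T10:00:04Z src=198.51.100.9 user=alice result=FAIL
2025-05-22T10:00:06Z src=198.51.100.9 user=alice result=FAIL
2025-05-22T10:00:09Z src=198.51.100.9 user=alice result=FAIL
2025-05-22T10:00:12Z src=198.51.100.9 user=alice result=FAIL
2025-05-22T10:00:15Z src=198.51.100.9 user=alice result=FAIL
2025-05-22T10:05:00Z src=192.0.2.5 user=heidi result=OK
this line is not a valid record
"""


def parse_events(lines):
    """Yield (timestamp, src, user, result) for well-formed lines; skip the rest."""
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        yield ts, m["src"], m["user"], m["result"]


def detect_stuffing(lines, window=timedelta(minutes=5), min_users=5):
    """Return (alerts, takeovers).

    alerts:    src -> max number of distinct usernames that failed from that
               src inside any sliding window of `window` length.
    takeovers: src -> sorted usernames that logged in successfully from a
               flagged src (candidate account takeovers).
    """
    events = sorted(parse_events(lines))
    failures = defaultdict(list)   # src -> [(ts, user), ...] in time order
    successes = defaultdict(set)   # src -> {user, ...}
    for ts, src, user, result in events:
        if result == "FAIL":
            failures[src].append((ts, user))
        else:
            successes[src].add(user)

    alerts = {}
    for src, attempts in failures.items():
        start = 0
        for end in range(len(attempts)):
            # Advance the window start until it covers at most `window` of time.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            distinct = len({u for _, u in attempts[start:end + 1]})
            if distinct >= min_users:
                alerts[src] = max(alerts.get(src, 0), distinct)

    takeovers = {src: sorted(successes[src]) for src in alerts if successes.get(src)}
    return alerts, takeovers


if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG.splitlines()))
```

Attackers spread stuffing across proxy pools, so a per-source threshold is only the first cut; the same sliding-window logic can be keyed on an ASN, a JA3 fingerprint or a user-agent instead of the bare address.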

The compromised information may also contain business credentials, exposing organizations to corporate espionage, while even seemingly benign old passwords can amplify the risk of phishing and social engineering attacks.

In light of these developments, Fowler advises users to refrain from using emails as a repository for sensitive data, regularly update passwords—particularly in the event of potential breaches—avoid password reuse across multiple accounts, implement Two-Factor Authentication (2FA), and set up alerts for suspicious login attempts or unusual activity.
