A veteran cybersecurity researcher says he’s discovered a secret database containing the login credentials for over 184 million accounts across numerous platforms.

Data-breach hunter Jeremiah Fowler says he found an unprotected database of exactly 184,162,718 login records across more than 47 gigabytes of data.

-->

Fowler says a small sample of records he analyzed contained 479 Facebook accounts, 475 Google accounts, 240 Instagram accounts, 227 Roblox accounts, 209 Discord accounts, and more than 100 each of Microsoft, Netflix, and PayPal accounts.

The trove of data also includes Amazon, Apple, Nintendo, Snapchat, Spotify, X, WordPress, Yahoo, and many other types of login info, reports Wired, adding that all of the data in its entirety has now been taken down.

With the scope of information that was exposed, Fowler says the victims are now vulnerable to several kinds of attacks, including corporate espionage, phishing and social engineering, account takeovers, and more.

He also mentions that government entities appeared to be included in the hack.

“I saw numerous .gov accounts from countries around the world. These could be a serious potential risk if any of those compromised accounts had security clearance to sensitive areas of the state networks or data.”

The exact origins of the database are unknown, but Fowler notes that the password field was labeled as “Senha,” which is “password” in Portuguese.

Fowler says he believes it’s “highly possible” that a cybercriminal is to blame, calling it by far the most reasonable explanation for the massive collection of login data.

According to Fowler, the length of time that the data was exposed and whether anyone else accessed the files remains unknown.

Follow us on X, Facebook and Telegram