In one of the largest-ever data breaches, passwords and login details of over 18.4 crore (184 million) users have been exposed online, affecting major tech platforms, banks, and government portals. The leak was discovered by a cybersecurity researcher, who found an unencrypted, publicly accessible database containing user credentials.
Cybersecurity experts warn that the exposure of such a vast number of passwords significantly increases the risk of credential stuffing attacks, in which threat actors replay stolen credentials against other services to gain unauthorized access to user accounts. The leak could lead to a cascade of data breaches, financial fraud, and identity theft.
Data Exposed from Apple, Google, Facebook & More
The leaked data includes usernames, passwords, and authorization URLs from platforms such as Apple, Google, Facebook, Microsoft, Instagram, and Snapchat. Login credentials related to banking systems, health services, and government websites were also found, raising concerns over identity theft and digital fraud.
Shockingly, the database was not encrypted: all information was stored in plain text and was accessible to anyone who discovered the link.
Malware ‘InfoStealer’ Suspected Behind Breach
The researcher believes the data was likely collected using ‘InfoStealer’ malware, which infiltrates user systems via malicious emails or downloads. Once installed, it silently extracts stored passwords, autofill data, cookies, and credit card details from browsers. These credentials are often sold on the dark web, where cybercriminals use them for scams, ransomware, and other illegal activities.
Infostealers are a type of malicious software designed to infiltrate devices and extract sensitive user information, which is then sent to cybercriminals. These programs primarily target login credentials for online banking, email accounts, social media platforms, and FTP servers.
They rely on various techniques to capture user data, including:
- Browser hooking: Hooking into the browser or application process to intercept what users type, capturing login details before they are encrypted for transmission.
- Web injections: Inserting fake fields into legitimate websites and capturing the entered data.
- Form grabbing: Monitoring open windows and extracting content entered into web forms.
- Keylogging: Recording every keystroke made on the infected device.
- Cookie and password theft: Harvesting stored browser cookies and saved passwords directly from the system.
Hosting Provider Silent on Source
The researcher contacted the hosting company managing the server, prompting it to restrict public access. However, the company refused to disclose the origin of the uploaded data. To verify authenticity, the researcher reached out to several users, many of whom confirmed that their leaked credentials were genuine.
Who’s at Risk?
- People who reuse the same password across multiple platforms.
- Users with accounts on tech platforms, banking sites, and government portals.
- Businesses using cloud logins or shared credentials.
Steps to Protect Yourself from Online Fraud
Cybersecurity experts recommend the following precautions:
- Use strong, unique passwords for every account
- Enable multi-factor authentication (MFA) wherever possible
- Change your passwords regularly
- Use tools like Google Password Checkup or Have I Been Pwned to check if your credentials have been compromised
- Avoid clicking on suspicious links or downloading unknown files
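The Have I Been Pwned check recommended above can be done without ever sending the password itself to a third party: the Pwned Passwords "range" API accepts only the first five hex characters of the password's SHA-1 hash and returns every known hash suffix that shares that prefix, so the comparison finishes on the user's own machine. The following Python is an added example written for this article, not code from the original page or from Have I Been Pwned; the endpoint `https://api.pwnedpasswords.com/range/<prefix>` is the real public API, while the response text embedded below (the `SAMPLE_RANGE_RESPONSE` string and its counts) is constructed for offline use.

```python
import hashlib
import urllib.request
from typing import Callable, Tuple

# Real public endpoint of the Pwned Passwords range API (k-anonymity model).
PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed sample of what the API returns for the prefix "5BAA6"
# (format: <35-char hash suffix>:<count>). The counts are made up for this
# example; only the first suffix (SHA-1 of "password") is a real hash.
SAMPLE_RANGE_RESPONSE = (
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
    "1E2E26B7C1A2E5A1B3B7B9E8A1D2C3F4E5A:2\r\n"
    "00000AAAAABBBBBCCCCCDDDDDEEEEEFFFFF:1\r\n"
)


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the uppercase hex SHA-1 of the password into the 5-char prefix
    that is sent to the API and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str, suffix: str) -> int:
    """Return how many times the given suffix appears in the breach corpus
    according to a range response; 0 means the hash was not listed."""
    for line in body.splitlines():
        line = line.strip()
        if ":" not in line:
            continue  # skip blank or malformed lines defensively
        listed_suffix, _, count = line.partition(":")
        if listed_suffix.strip().upper() == suffix:
            try:
                return int(count.strip())
            except ValueError:
                return 0
    return 0


def fetch_range(prefix: str) -> str:
    """Live lookup: send only the 5-char hash prefix to the API."""
    req = urllib.request.Request(
        PWNED_RANGE_URL + prefix,
        headers={"User-Agent": "password-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, fetcher: Callable[[str], str] = fetch_range) -> int:
    """Check a password against the corpus. The fetcher parameter lets the
    network call be replaced by a canned response for offline testing."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetcher(prefix), suffix)


if __name__ == "__main__":
    # Offline demonstration using the constructed sample response.
    offline = lambda prefix: SAMPLE_RANGE_RESPONSE
    for candidate in ("password", "correct horse battery staple"):
        n = pwned_count(candidate, fetcher=offline)
        verdict = f"seen {n} times in breaches" if n else "not found in sample"
        print(f"{candidate!r}: {verdict}")
```

Because only the hash prefix leaves the machine, the service learns nothing that identifies the password; the same pattern is worth reusing in a signup form or a password-change flow so that already-leaked passwords are rejected at the moment a user picks them.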
This breach is a critical reminder of the growing threat posed by cybercriminals and the need for proactive digital security practices. With data from major platforms and portals exposed, individuals and businesses alike must stay vigilant and take immediate action to secure their accounts.
About the author – Ayush Chaurasia is a postgraduate student passionate about cybersecurity, threat hunting, and global affairs. He explores the intersection of technology, psychology, national security, and geopolitics through insightful writing.