Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials | WIRED
The possibility that data could be inadvertently exposed in a misconfigured or otherwise unsecured database is a longtime privacy nightmare that has been difficult to fully address. But the new discovery of a massive trove of 184 million records—including Apple, Facebook, and Google logins and credentials for accounts connected to multiple governments—underscores the risks of recklessly compiling sensitive information in a repository that could become a single point of failure.

In early May, longtime data-breach hunter and security researcher Jeremiah Fowler discovered an exposed Elastic database containing 184,162,718 records across more than 47 GB of data. Typically, Fowler says, he is able to gather clues about who controls an exposed database from its contents—details about the organization, data related to its customers or employees, or other indicators that suggest why the data is being collected. This database, however, didn't include any clues about who owns the data or where it may have been gathered from.

The sheer range and massive scope of the login details, which include accounts connected to a large array of digital services, indicate that the data is some sort of compilation, possibly kept by researchers investigating a data breach or other cybercriminal activity or owned directly by attackers and stolen by infostealer malware.

"This is probably one of the weirdest ones I've found in many years," Fowler says. "As far as the risk factor here, this is way bigger than most of the stuff I find, because this is direct access into individual accounts. This is a cybercriminal's dream working list."

Each record included an ID tag for the type of account, a URL for each website or service, and then usernames and plaintext passwords. Fowler notes that the password field was called "Senha," the Portuguese word for password.

In a sample of 10,000 records analyzed by Fowler, there were 479 Facebook accounts, 475 Google accounts, 240 Instagram accounts, 227 Roblox accounts, 209 Discord accounts, and more than 100 each of Microsoft, Netflix, and PayPal accounts. That sample—just a tiny fraction of the total exposure—also included Amazon, Apple, Nintendo, Snapchat, Spotify, Twitter, WordPress, and Yahoo logins, among many others. A keyword search of the sample by Fowler returned 187 instances of the word "bank" and 57 of "wallet."

Fowler, who did not download the data, says he contacted a sample of the exposed email addresses and heard back from some that they were genuine accounts.

Aside from individuals, the exposed data also presented potential national security risks, Fowler says. In the 10,000 sample records, there were 220 email addresses with .gov domains. These were linked to at least 29 countries, including the United States, Australia, Canada, China, India, Israel, New Zealand, Saudi Arabia, and the United Kingdom.

While Fowler could not identify who had put the database together or where the login details originally came from, he reported the data exposure to World Host Group, the hosting company it was linked to. Access to the database was quickly shut down, Fowler says, although World Host Group did not respond to the researcher until after it was contacted by WIRED.

Seb de Lemos, CEO of World Host Group, tells WIRED in a statement that the company operates systems for more than 2 million websites. The database Fowler found, though, is "an unmanaged server" hosted on World Host Group's infrastructure and fully controlled by a customer.

"It appears a fraudulent user signed up and uploaded illegal content to their server," de Lemos wrote in the statement. "The system has since been shut down. Our legal team is reviewing any information we have that might be relevant for law enforcement."

De Lemos says that the company is in touch with Fowler and has made improvements to its reporting system. "Whilst we cannot share customer-specific details with WIRED, we will fully cooperate with the appropriate law enforcement authorities and, where appropriate, share all relevant customer data with them."

Though the database has now been secured—and ultimately taken down entirely—it is not clear whether anyone other than Fowler accessed the trove while it was still live. As with any exposed database, the concern is that sensitive data could be stolen and abused. And in this case, there is a particularly urgent risk of logins being exploited in fraud, to steal additional information, or even to breach other organizations.

Fowler says that while he does not know for certain, he suspects that the data was compiled by attackers using an infostealer.

"It is highly possible that this was a cybercriminal," he says. "It's the only thing that makes sense, because I can't think of any other way you would get that many logins and passwords from so many services all around the world."

© 2025 Condé Nast. All rights reserved.