Millions of Passwords Leak, Exposing Google, Facebook, and PayPal Users

Posted on by

A security expert has issued a major warning after uncovering a massive trove of 184 million records that include Apple, Facebook, PayPal, and Google logins, banking information, and more.In early May, longtime data-breach hunter and security researcher Jeremiah Fowler found a massive database of 184,162,718 records across more than 47 GB of data with no clues about who owns the data or where it came from.While he doesn’t know where it came from, he called the list “a cybercriminal’s dream.”“This is probably one of the weirdest ones I’ve found in many years,” Fowler told Wired.com. “As far as the risk factor here, this is way bigger than most of the stuff I find, because this is direct access into individual accounts. This is a cybercriminal’s dream working list.”As Fowler points out, each record included an ID tag for the type of account, a URL for each website or service, and then usernames and plaintext passwords.Fowler did not download or analyze the entire dataset, but he did look at a sample of 10,000 records where he found login information from 479 Facebook accounts, 475 Google accounts, 240 Instagram accounts, 227 Roblox accounts, 209 Discord accounts, and more than 100 each of Microsoft, Netflix, and PayPal accounts. The sample also included Amazon, Apple, Nintendo, Snapchat, Spotify, Twitter, WordPress, and Yahoo logins as well as banking and wallet login information.While Fowler does not know for sure, he speculates that the database belonged to a cybercriminal.“It is highly possible that this was a cybercriminal,” he says. “It’s the only thing that makes sense, because I can’t think of any other way you would get that many logins and passwords from so many services all around the world.”While the database has been deleted, Fowler warns that it is not clear how many people accessed the database before it was deleted, meaning that the millions of accounts could still be at risk.