2025-05-27T21:39:24Z

---

A staggering data breach has emerged, revealing an unencrypted database that has leaked over 184 million passwords. This significant breach affects a vast array of users’ credentials across various platforms, including popular social media channels such as Facebook, Instagram, and Snapchat, as well as other services. The findings were disclosed by cybersecurity researcher Jeremiah Fowler, who highlighted the severity of the leak in a recent report.

According to Fowler's investigation, the database comprises a total of 184,162,718 unique logins and passwords that were not protected by encryption. Consequently, this means that anyone with access to the database could easily view the sensitive information it contained. As reported by Website Planet, the database was left publicly accessible, which raises serious concerns about the security practices surrounding user data management.

The leaked credentials are tied to not only social media accounts but also various essential services. It includes logins for major platforms such as Google and several Microsoft applications, in addition to social media sites. Furthermore, credentials for gaming platforms like Roblox were discovered in the compromised database. Alarmingly, sensitive information related to bank accounts, health services, and even government portals was also included, further highlighting the depth of the exposure.

While it remains unclear how exactly the sensitive data was extracted from users, Fowler's analysis suggests that the origins of this data breach might be linked to an infostealer malware. This type of malicious software is specifically designed to retrieve sensitive information from compromised systems. It is likely that the vast number of passwords were harvested directly from users' devices, putting their online security at significant risk.

Infostealer malware operates by extracting user data stored within web browsers, including autofill information and cookies. It can also capture data from emails, such as drafts and documents, as well as information from messaging applications. Often, users are tricked into downloading the malware, which silently collects their credentials without their knowledge.

In a related development, Mashable attempted to verify the claims concerning the leaked database by reaching out to various companies implicated in the report. A representative from Snapchat responded, stating that their platform has not identified any evidence of a data breach or vulnerabilities associated with their systems. Mashable will continue to monitor the situation and provide updates as more information comes to light.

This incident underscores a growing trend in data breaches, which have become increasingly rampant in recent years. For context, Mashable previously reported on the RockYou2024 leak, noted as one of the largest password leaks to date, where nearly 10 billion credentials were shared on hacker forums, posing significant risks to online security. Such extensive data breaches provide malicious actors with powerful tools to execute automated brute-force attacks on user accounts, emphasizing the urgent need for enhanced security measures.

As the investigation continues, it is crucial for users to remain vigilant regarding their online security. Implementing two-factor authentication and regularly updating passwords can help mitigate the risks associated with such breaches.