A major data leak has exposed over 184 million user records from a huge 47GB unprotected database, putting millions of people at serious risk of identity theft and cybercrime.
The leaked data includes login details from major technology companies like Microsoft, Google, Apple, Facebook, PayPal, and Netflix. The exposed records were found sitting openly on an unsecured Elasticsearch server.
Cybersecurity researcher Jeremiah Fowler discovered the database and quickly reported it to Website Planet. After receiving the alert, the hosting provider, World Host Group, took the database offline. However, it is still unclear how long the database had been publicly accessible in this leak or whether hackers had already seen or downloaded the data before it was shut down.
Fowler described the server as completely unprotected — it had no password and no encryption. He revealed that the leaked data included not just login credentials for popular platforms but also access details linked to bank accounts, health portals, and government services. Shockingly, the exposed records included more than 220 government-related email addresses from at least 29 countries, such as the United States, United Kingdom, and China.
Seb de Lemos, CEO of World Host Group, confirmed that the exposed database in this leak was on a client-controlled, unmanaged server. While the company did not share details about which customer was responsible, de Lemos said their legal team is now working closely with law enforcement to investigate the issue.
Fowler added that the leaked data seems similar to information often stolen by infostealer malware. So far, no one has confirmed that hackers breached the system. There is also no evidence that anyone has misused the leaked data. He clarified that he conducted his research solely to raise public awareness and educate people. He emphasized that his findings do not officially confirm a data breach.
This discovery comes at a time when infostealer malware attacks are sharply increasing worldwide. According to IBM’s 2025 X-Force Threat Intelligence Index, phishing emails used to spread infostealers jumped by 84% during 2024. Similarly, Check Point’s 2025 Cybersecurity Report reported a 58% increase in infostealer-based attacks, many of which specifically target corporate networks. The report also estimated that over 10 million stolen infostealer logs are now being traded on underground marketplaces.
Experts warn that the exposure of 184 million records highlights the massive scale of credential theft operations. They say it also shows the serious dangers of unsecured cloud systems. Criminals can use this type of data to break into personal or business systems. Such attacks can lead to identity fraud, financial theft, and even larger data breaches.
Cybersecurity experts are urging all users to: Use strong, unique passwords across all platforms. Enable multi-factor authentication (MFA) wherever possible. Regularly monitor accounts for suspicious or unusual activity
As cybercriminals keep improving their tactics, following these safety steps has become more important than ever to reduce the risks of massive data leaks like this one.
Also Read: Authorities Expand SK Telecom Data Breach Investigation to KT and LG Uplus
