A massive data breach has exposed over 184 million user records, including plain-text email addresses, passwords, and direct login URLs — raising serious cybersecurity concerns for millions of Americans. The unprotected database, discovered by cybersecurity researcher Jeremiah Fowler, was found publicly accessible online and reportedly contained sensitive information linked to major brands such as Apple, Google, Facebook, Microsoft, and several banking and government services.
Tech giants impacted: Apple, Google, Meta, Microsoft
While the database wasn’t hosted by any one company, analysis of the leaked records revealed credentials and login links connected to a range of platforms:
Apple iCloud and iTunes accounts
Google services, including Gmail, Drive, and Google Workspace
Meta’s Facebook and Instagram logins
Microsoft Outlook, Office 365, and Teams
Banking portals, crypto wallets, and government service platforms
Fowler emphasised that the data leak included direct login URLs, which in some cases could bypass the traditional password entry process, making it even easier for hackers to access private user accounts.
Why is this breach different?
Unlike many earlier breaches where passwords were hashed or encrypted, this leak involved plain-text passwords, making the stolen data immediately usable for cybercriminals. The inclusion of one-click login links further elevates the risk by allowing potential attackers to log in to accounts without entering a password.
The breach is being described as a “cybercriminal’s working list,” offering tools ready for phishing, identity theft, credential stuffing attacks, and unauthorised financial transactions.
Cloud misconfigurations to blame
The unsecured database appears to have been hosted on a cloud platform — likely AWS, Google Cloud, or Microsoft Azure — and was left open due to misconfigured security settings. An IBM report recently highlighted that 82% of all data breaches over the past year involved cloud environments, often due to poor access controls or exposed public buckets.
What you should do
Security experts urge users to:
Change all passwords immediately
Use multi-factor authentication (MFA)
Freeze your credit via Equifax, Experian, and TransUnion
Use tools like Google Password Checkup or HaveIBeenPwned.com to check for exposure
Set real-time alerts on banking and credit accounts
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
