Massive data leak hits Google, Microsoft and global agencies—184m accounts exposed
By Gloria Methri
In a significant cybersecurity incident, over 184 million login credentials, including those from major tech companies and government agencies, were discovered in an unsecured database. The breach, uncovered in early May 2025 by security researcher Jeremiah Fowler, highlights the escalating threats posed by infostealer malware and the vulnerabilities in data storage practices.
Unsecured Database Reveals Extensive Credential Exposure
Fowler identified an unprotected Elasticsearch database containing approximately 184 million records, totalling over 47 GB of data. The database included plaintext usernames and passwords for services such as Google, Apple, Facebook, Microsoft, and Instagram. Notably, it also contained credentials linked to at least 29 government domains, including those from the United States, India, the United Kingdom, and Australia.
The exposed data encompassed a wide range of platforms, including social media, streaming services, banking, and cryptocurrency accounts. In a sample of 10,000 records, Fowler identified numerous instances of financial-related keywords, such as “bank” and “wallet,” suggesting potential risks for financial fraud and identity theft.
Infostealer Malware: A Growing Cybersecurity Threat
The breach is believed to be the result of infostealer malware, a type of malicious software designed to extract sensitive information from infected devices. These tools have become increasingly prevalent, with cybercriminals using them to collect vast amounts of personal data. In a related development, the “Have I Been Pwned” service added over 284 million accounts stolen by infostealer malware to its database, underscoring the widespread impact of such threats.
Law enforcement agencies and cybersecurity firms have taken action against these threats. On May 21, 2025, an international coalition, including Microsoft and Europol, disrupted the operations of the Lumma infostealer malware, seizing over 2,300 domains and dismantling its infrastructure.
Preventive Measures for Users
To mitigate risks associated with such breaches, cybersecurity experts recommend the following actions:
- Regularly Update Passwords: Change passwords periodically and avoid reusing them across multiple platforms.
- Use Complex and Unique Passwords: Employ strong passwords that combine letters, numbers, and special characters.
- Enable Multi-Factor Authentication (MFA): Add an extra layer of security to accounts by enabling MFA where available.
- Utilise Password Managers: Consider using reputable password management tools to store and generate secure passwords.
- Monitor Account Activity: Regularly check account statements and activity logs for any unauthorised actions.
- Stay Informed: Use services like Have I Been Pwned to check if your credentials have been compromised in known breaches.
This incident underscores the pervasive threat posed by infostealer malware and the importance of robust cybersecurity practices. As cyber threats continue to evolve, both individuals and organisations must remain vigilant and proactive in protecting sensitive information.