Hackers may have stolen your credentials again

Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.

A recent discovery by cybersecurity expert Jeremiah Fowler has highlighted just how vulnerable our online information can be. 

He found an enormous, unprotected database containing more than 184 million usernames and passwords for major online services like Microsoft, Apple, Google, Facebook, Discord, and PayPal. 

All this sensitive data, about 47.42 GB worth, was sitting on a poorly secured cloud server, completely open to the internet.

What makes this even more alarming is that the data likely came from a type of malicious software called “infostealer malware.” (Via: Digital Trends) 

This malware sneaks onto people’s computers, often through fake emails, sketchy websites, or pirated software, and secretly steals valuable information like login details, cookies, saved passwords, and even crypto wallet information. 

That stolen data is then sent to hackers, who may store it in giant databases like this one.

Even more concerning, Fowler’s analysis showed that the database included over 220 government-related email addresses from at least 29 countries, including the US, UK, Canada, and Australia. 

This raises serious national security concerns, as the data could be used for identity theft or to access sensitive government systems.

A closer look at the database revealed many usernames and passwords stored in plain text, and some were connected to financial keywords like “bank” and “wallet.” This increases the risk of fraud, theft, and other cybercrimes.

Fowler informed the hosting company, World Host Group, which quickly shut down the server. Still, it’s unclear how long the database was online or if cybercriminals accessed it.

What you should do now

1. Change your passwords: Especially if you use the same ones on multiple sites.
2. Turn on two-factor authentication (2FA): This adds an extra layer of security.
3. Monitor your accounts: Check bank statements and online accounts regularly for unusual activity.
4. Install trusted antivirus software: Install and keep it updated.
5. Be cautious online: Don’t click suspicious links or open unknown attachments.

This incident is a wake-up call: even trusted platforms aren’t immune to leaks, and good security habits are more important than ever.

Got any thoughts on this new breach? Will you be changing your passwords to keep yourself safe? Let’s discuss below in the comments, or via our Twitter or Facebook.