Date: 2025-06-04

Hyderabad: A massive data breach has reportedly compromised over 184 million user records, containing emails, passwords, and authorisation URLs for major platforms, including Apple, Google, Facebook, Microsoft, Instagram, Snapchat, and more. Cybersecurity researcher Jeremiah Fowler, who first discovered and reported the breach, emphasised that the records were not hashed or encrypted: the leak involved plain-text records of sensitive information, making it immediately usable for cybercriminals.

He further highlighted the presence of authorisation URLs in the unsecured database, which in some cases could bypass the traditional password entry process, making it even easier for cybercriminals to gain access to private user accounts.

The extent of the data breach

The breach is being described as a "cybercriminal's working list" as it offers a ready-to-use database of over 184 million user records for crimes like identity theft, phishing, credential stuffing, and unauthorised financial transactions. The database not only contained credentials and login links connected to popular platforms, but it also included details of bank accounts, health platforms, and even government portals from various nations.

As per the report, the database included credentials for Apple iCloud and iTunes accounts, Google services like Gmail, Drive, and Workspace, Meta’s Facebook and Instagram logins, Microsoft's Outlook, Office 365, and Teams accounts, banking portals, crypto wallets, and government service platforms.

Cybersecurity researcher Jeremiah Fowler said that the unsecured database also contained business credentials, which open the door for a threat actor to steal business records, conduct corporate espionage, and plant ransomware. Fowler also verified the data’s legitimacy by contacting individuals listed in the database, many of whom confirmed the accuracy of their credentials.

Possible cause of breach

As per the report, the cause of the breach could be cloud misconfiguration, which happens to be the case with most data breaches in recent years, as per a 2024 IBM report. In this particular case, the unsecured database appears to have been hosted on a cloud platform, such as AWS, Google Cloud, or Microsoft Azure, and was left open due to misconfigured security settings. While there is no clarity over exactly how the breach happened, the IBM report blames poor access controls and exposed public buckets as the usual culprits behind a cloud environment data breach.

An analysis by Fowler concluded that the data might have been captured from breached devices by some sort of infostealing malware, with the aim of selling it on the dark web. Infostealer malware is used to steal sensitive information from infected devices and typically targets login credentials stored in web browsers, email programs, and messaging apps.

Fowler said that he contacted the hosting provider storing the plain text file, after which the service made it inaccessible to the public. It is unclear who owns the database, as the hosting service refused to share those details. It is also unclear how long the sensitive information was exposed or whether other malicious actors had accessed it before the discovery.

How to protect yourself

There is no surefire way to protect yourself from data breaches, but users can follow certain practices to lessen their impact, which are as follows:

Use strong passwords

Don't use the same password for all online services

Frequently change passwords

Use multi-factor authentication when possible

Run regular anti-malware scans

Additionally, users can utilise free tools like Google Password Checkup or haveibeenpwned.com to check whether their credentials were leaked on the dark web in any of the past data breaches.