In early May 2025, cybersecurity researcher Jeremiah Fowler uncovered a massive data breach involving over 184 million login credentials from major tech platforms, including Google, Microsoft, Facebook, and Apple. The exposed data, stored in an unsecured Elastic database, contained plaintext usernames and passwords, posing significant security risks to users worldwide.
What Was Exposed?
The compromised database, spanning 47 GB, included login information from at least 29 countries’ government email domains. A sample analysis revealed credentials from various platforms, such as:
- Google;
- Microsoft;
- Facebook (Meta);
- Apple; and,
- Financial services.
The absence of identifying metadata suggests the data may have been compiled by cybercriminals or researchers using infostealing malware.