Data breaches are no longer rare events but a persistent problem. 

We’ve been seeing regular incidents at public-facing companies across various sectors, including healthcare, retail and finance. While bad actors are certainly to blame, these corporations aren’t entirely without fault. They often make it easy for hackers to access user data by failing to protect it properly. 

A recent example came to light when a cybersecurity researcher discovered an open database containing over 184 million account credentials.

Join The FREE CyberGuy Report: Get my expert tech tips, critical security alerts and exclusive deals — plus instant access to my free Ultimate Scam Survival Guide when you sign up!

How the database was uncovered and what it contained

Cybersecurity researcher Jeremiah Fowler has revealed the existence of an open database that contains 184,162,718 million account credentials. These include email addresses, passwords, usernames and URLs for platforms such as Google, Microsoft, Apple, Facebook and Snapchat. 

The information also covers banking services, medical platforms and government accounts. Most shockingly, the entire dataset was left completely unsecured. There was no encryption, no authentication required and no form of access control. It was simply a plain text file sitting online for anyone to find.

19 BILLION PASSWORDS HAVE LEAKED ONLINE: HOW TO PROTECT YOURSELF

Fowler located the database during routine scanning of publicly exposed assets. What he found was staggering. The file included hundreds of millions of unique records containing user credentials linked to the world’s largest technology and communication platforms. There were also account details for financial services and official portals used by state institutions.

The file was not protected in any way. Anyone who discovered the link could open it in a browser and instantly view sensitive personal data. No software exploit was needed. No password was asked for. It was as open as a public document.

200 MILLION SOCIAL MEDIA RECORDS LEAKED IN MAJOR X DATA BREACH

Where did the data come from

Fowler believes the data was harvested using an infostealer. These lightweight tools are favored by cybercriminals for their ability to silently extract login credentials and other private information from compromised devices. Once stolen, the data is often sold on dark web forums or used in targeted attacks.

After reporting the breach, the hosting provider quickly removed access to the file. However, the owner of the database remains unknown. The provider did not disclose who uploaded it or whether the database was part of a legitimate archive that was accidentally published. Fowler could not determine whether this was the result of negligence or an operation with malicious intent.

To verify the data, Fowler contacted some individuals listed in the records. Several confirmed that the information was accurate. This confirmation turns what might seem like abstract statistics into something very real. These were not outdated or irrelevant details. These were live credentials that could allow anyone to hijack personal accounts in seconds.

1.7 BILLION PASSWORDS LEAKED ON DARK WEB AND WHY YOURS IS AT RISK

HR FIRM CONFIRMS 4M RECORDS EXPOSED IN MAJOR HACK

6 ways to protect yourself after a data breach

1. Change your password on every platform: If your login credentials have been exposed, it’s not enough to change the password on just one account. Cybercriminals often try the same combinations across multiple platforms, hoping to gain access through reused credentials. Start by updating your most critical accounts, email, banking, cloud storage and social media, then move on to others. Use a new, unique password for each platform and avoid variations of old passwords, as they can still be predictable. Consider using a password manager to generate and store complex passwords. 

Our top-rated password manager delivers powerful protection to help keep your accounts secure. It features real-time data breach monitoring to alert you if your login details have been exposed, plus a built-in data breach scanner that checks your saved emails, passwords and credit card information against known leak databases. A password health checker also highlights weak, reused or compromised passwords so you can strengthen your online defenses with just a few clicks. Get more details about my best expert-reviewed Password Managers of 2025 here.

2. Enable two-factor authentication: Two-factor authentication, or 2FA, is a critical security feature that drastically reduces the risk of unauthorized access. Even if someone has your password, they won’t be able to log in without the second verification step, usually a one-time code sent to your phone or an authenticator app. Enable 2FA on all services that support it, especially your email, financial accounts and any service that stores sensitive personal data.

3. Watch for unusual account activity: After a breach, it’s common for compromised accounts to be used for spam, scams, or identity theft. Pay close attention to signs such as login attempts from unfamiliar locations, password reset requests you didn’t initiate or unexpected messages sent from your accounts. Most platforms allow you to review login history and connected devices. If you see something off, take action immediately by changing your password and revoking suspicious sessions.

4. Invest in personal data removal services: You should also consider a data removal service. Given the scale and frequency of breaches like the one described above, relying on personal caution alone is no longer enough. Automated data removal services can provide an essential extra layer of defense by continuously scanning for and helping eliminate your exposed information from data broker sites and other online sources. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. 

Get a free scan to find out if your personal information is already out on the web.

5. Avoid clicking on suspicious links and use strong antivirus software: One of the most common post-breach threats is phishing. Cybercriminals often use information from leaked databases to craft convincing emails that urge you to verify your account or reset your password. Never click on links or download attachments from unknown or suspicious sources. Instead, visit websites by typing the URL directly into your browser. 

The best way to safeguard yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

6. Keep your software and devices up to date: Many cyberattacks exploit known vulnerabilities in outdated software. Operating systems, browsers, antivirus programs and even apps need to be updated regularly to patch security flaws. Turn on automatic updates wherever possible so you’re protected as soon as fixes are released. Staying current with your software is one of the easiest and most effective ways to block malware, ransomware and spyware from infiltrating your system. 

HACKERS USING MALWARE TO STEAL DATA FROM USB FLASH DRIVES

Kurt’s key takeaway

Security is not only the responsibility of companies and hosting providers. Users need to adopt better practices, including unique passwords, multifactor authentication and regular reviews of their digital footprint. The careless exposure of over 184 million credentials is not just a mistake. It is an example of how fragile our systems remain when even basic protection is absent. In an era where artificial intelligence, quantum computing, and global connectivity are reshaping technology, it is unacceptable that plain text files containing financial and governmental credentials are still left sitting online.

Do you feel that companies are doing enough to protect your data from hackers and other cyber threats? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.