Massive Data Leak Exposes Login Details of 184 Million Netizens

The database, totaling more than 47 GB of data, was identified in May 2025 by security researcher Jeremiah Fowler. Unlike typical data breaches where the source can often be traced, this trove lacked identifiable metadata, leaving the origin and purpose of the data collection unknown. The presence of plaintext usernames and passwords suggests the data may have been compiled by cybercriminals or researchers using infostealing malware.

A sample analysis of 10,000 records revealed a wide array of compromised accounts:

• 479 Facebook accounts

• 475 Google accounts

• 240 Instagram accounts

• 227 Roblox accounts

• 209 Discord accounts

• Over 100 accounts each from Microsoft, Netflix, and PayPal

Additional entries included credentials for Amazon, Apple, Nintendo, Snapchat, Spotify, Twitter, WordPress, and Yahoo. Notably, the data also contained 220 email addresses with .gov domains from at least 29 countries, including the United States, Australia, Canada, China, India, Israel, New Zealand, Saudi Arabia, and the United Kingdom, posing potential national security risks.

“This is probably one of the weirdest ones I’ve found in many years,” Fowler says. “As far as the risk factor here, this is way bigger than most of the stuff I find, because this is direct access into individual accounts. This is a cybercriminal’s dream working list.”

Fowler reported the database leak to the World Host Group, the company which faced the leak. However, they were swift to respond, promptly taking the database offline following the report. Although they did not respond to Fowler until after being contacted by media outlets.

Seb de Lemos, CEO of World Host Group later stated that the server was customer-controlled and misused by a fraudulent user, and the company is cooperating with authorities to enhance its reporting systems.