We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Researcher Discovers Data Breach Affecting 184 Million Accounts

Researcher Discovers Data Breach Affecting 184 Million Accounts
Author Image Andreea-Mihaela Roman
Andreea-Mihaela Roman First published on May 27, 2025 Tech writer

Cybersecurity researcher Jeremiah Fowler discovered an unprotected cloud system exposing 184 million credentials. The collection, containing around 47.42 gigabytes of data, included sensitive information from popular platforms such as Instagram, Facebook, and Snapchat, as well as government accounts from different countries, banks, and health institutions.

According to Hackread, which obtained access to the information shared by Fowler, the data was exposed due to a misconfigured hosting provider that lacked basic security measures such as encryption or password protection. The information exposed included passwords, emails, and URLs. The researcher suspects hackers could have obtained it through an infostealer malware, a software designed to infect computers and secretly collect sensitive information.

Fowler reached out to the victims exposed in the database and confirmed that the passwords and emails exposed were valid and real. The researcher notified the hosting service, and it was immediately removed from public access.

It has not been disclosed for how long the data has been exposed, who the owner of the collection is, or the purpose. However, experts suspect it’s an activity related to cybercriminals who exposed their own database. This conclusion is supported by the fact that the IP address links the database to two domains, one unregistered and available for purchase, and the other inactive, and the owner cannot be verified.

The cybersecurity researcher considered this case to be very similar to the infostealer Lumma, which was recently used to exploit Reddit comments, but the malware’s exact name could not be identified in this case.

Fowler recommended that users verify what information they store in their email accounts, and regularly delete emails that contain sensitive information or financial documents, and for those who need to share sensitive information, to prefer an encrypted cloud storage over email. Also, to apply the basic security measures, such as updating passwords, activating two-factor authentication, and monitoring accounts.

Similar malware campaigns have been affecting millions of users in the past few months. In October, 6,000 WordPress sites were infected with an infostealer malware in a plugin.

About the Author

Andreea-Mihaela is a passionate tech writer with a BA in Communications Technology. She stands strongly for online privacy and believes that we can never be too safe with our personal information.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

This field must contain more than 50 characters

The field content should not exceed 1000 letters

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address