Jeremiah Fowler, cybersecurity researcher of Website Planet reported that he had found a non-password-protected database featuring 184,162,718 unique logins and passwords, which amounted to over 47GB of data. The files he saw included emails, usernames, passwords, and more for a wide range of services and apps, including Microsoft, Meta, Snapchat, and Roblox. Even more worrying, Fowler spotted logins and credentials for bank accounts, health platforms, and government portals from multiple governments around the world.

More and more of our personal data seems to leak online with each passing day, and while it’s easy to become numb to that reality, some data breaches are more concerning than others.

Whether or not the database was being used for a legitimate purpose, such as research, or for criminal activity remains a mystery, because the hosting provider won’t share any details about the owner. It also isn’t clear how long the data was exposed to the public.

Fowler verified the authenticity of the data by contacting several email addresses listed in the database. Some responded, confirming that the leaked data was theirs. Fowler suspects that the data was initially gathered by “some type of infostealer malware.”

“Many people unknowingly treat their email accounts like free cloud storage and keep years’ worth of sensitive documents, such as tax forms, medical records, contracts, and passwords without considering how sensitive they are,” Fowler noted, warning users to regularly delete old emails containing sensitive data. “This could create serious security and privacy risks if criminals were to gain access to thousands or even millions of email accounts.”