Cybersecurity researcher Jeremiah Fowler discovered an unprotected cloud system exposing 184 million credentials. The collection, containing around 47.42 gigabytes of data, included sensitive information from popular platforms such as Instagram, Facebook, and Snapchat, as well as government accounts from different countries, banks, and health institutions.

According to Hackread, which obtained access to the information shared by Fowler, the data was exposed due to a misconfigured hosting provider that lacked basic security measures such as encryption or password protection. The information exposed included passwords, emails, and URLs. The researcher suspects hackers could have obtained it through an infostealer malware, a software designed to infect computers and secretly collect sensitive information.

Fowler reached out to the victims exposed in the database and confirmed that the passwords and emails exposed were valid and real. The researcher notified the hosting service, and it was immediately removed from public access.

It has not been disclosed for how long the data has been exposed, who the owner of the collection is, or the purpose. However, experts suspect it’s an activity related to cybercriminals who exposed their own database. This conclusion is supported by the fact that the IP address links the database to two domains, one unregistered and available for purchase, and the other inactive, and the owner cannot be verified.

The cybersecurity researcher considered this case to be very similar to the infostealer Lumma, which was recently used to exploit Reddit comments, but the malware’s exact name could not be identified in this case.

Fowler recommended that users verify what information they store in their email accounts, and regularly delete emails that contain sensitive information or financial documents, and for those who need to share sensitive information, to prefer an encrypted cloud storage over email. Also, to apply the basic security measures, such as updating passwords, activating two-factor authentication, and monitoring accounts.

Similar malware campaigns have been affecting millions of users in the past few months. In October, 6,000 WordPress sites were infected with an infostealer malware in a plugin.