A massive new data breach has come to light, with more than 184 million usernames and passwords – including Apple ID logins – found wide open on an unprotected server. The leak also includes logins for Facebook, Google, PayPal, Microsoft, banks, government portals, and more, making this one of the largest collections of personal login data ever seen.
The 47-gigabyte database was sitting openly on the internet, with no password or encryption. Security researcher Jeremiah Fowler, who discovered it, says the records almost certainly came from so-called “infostealer” malware – malicious software that grabs usernames and passwords from infected devices. These attacks usually spread through phishing emails or downloads from unreliable sites, and they can collect everything from web logins to email, banking, and health account details.
This is a big deal because Apple IDs and email accounts are often a gateway to a treasure trove of other personal data. With access to your Apple ID, criminals could potentially get into your iCloud account, purchase apps or subscriptions, or even lock you out of your own device. Email accounts can be even worse – many people store years of sensitive information, personal documents, and password reset links in their inboxes without realising the risks.
What can you do?
To protect yourself, change your Apple ID and email passwords as soon as possible – especially if you use the same password for other sites. It’s a good idea to use unique, complex passwords for every account, and to enable two-factor authentication wherever you can.
Apple’s Passwords app can help here. It creates strong, unique passwords for each site, remembers them for you, and will alert you to any other known data breaches. It’s an easy way to boost your security and avoid reusing passwords across multiple sites – crucial in this day and age.