
An expert has issued a dire warning as millions of people's emails and passwords across dozens of popular platforms have been leaked.
A seasoned data-breach hunter and security researcher, Jeremiah Fowler, is sounding the alarm after uncovering a major Elastic database of users' personal data.
The terrifying database has harvested more than 184 million login credentials for popular sites and email accounts, including Google, Apple, Facebook, Instagram and Netflix.
What does the data contain?
The illegal treasure trove, as reported by Wired, was found earlier this month and contains records across more than 47GB of raw credential data.

Each record had an ID tag for the type of account, a URL for each site, and the usernames and passwords.
In a small sample of just 10,000 records out of the millions collected in the database, Fowler found 475 Google accounts, hundreds for social media platforms Facebook (479) and Instagram (240), as well as 227 Roblox account details, 209 Discord accounts and more than 100 each for Netflix and PayPal, among others.
Some other popular sites affected include Apple and Amazon - and a keyword search unearthed 187 instances of the word 'bank' and 57 of 'wallet'.
Fowler also wrote in Website Planet that the data was 'publicly exposed' and 'was not password-protected or encrypted'.
Who is affected and what are the risks?
The accounts span more than 29 countries, including the US, Canada, the UK, Australia, China, India, Israel, New Zealand and Saudi Arabia.
Some .gov domains were also spotted, with the tech pro warning federal data could also have been at risk.

Fowler said the risks for other users include targeted phishing attacks to obtain additional information, possibly leading to identity theft, financial fraud, account takeovers and social engineering from the victims' accounts as well as corporate espionage of businesses.
Fortunately, the database has since been shut down, though it remains unclear if any of the data was extracted beforehand.
What have experts said about the ‘breach’?
Fowler said he confirmed the legitimacy of the data by contacting people via the email addresses in the database and hearing back from them, which confirmed the authenticity of the accounts.

“This is probably one of the weirdest ones I’ve found in many years,” he added. “As far as the risk factor here, this is way bigger than most of the stuff I find, because this is direct access into individual accounts.
“This is a cybercriminal’s dream working list.”
Who could be behind the database?
Fowler told the news outlet he is usually able to spot clues about who controls databases of this nature or hints as to why the data was collected in the first place.
However, he said there were no such clues in the compilation but suggested it was likely a massive cybercriminal network.
A possible clue Fowler did uncover was that the label for the password field was 'Senha,' the Portuguese word for password.

“It is highly possible that this was a cybercriminal,” Fowler added. “It’s the only thing that makes sense, because I can’t think of any other way you would get that many logins and passwords from so many services all around the world.”
'A fraudulent user'
Fowler reported the suspected breach to the hosting company it was linked to, World Host Group, which told Wired in a statement that the database was an 'unmanaged server.'
Seb de Lemos, CEO of World Host Group, added: “It appears a fraudulent user signed up and uploaded illegal content to their server.
“The system has since been shut down. Our legal team is reviewing any information we have that might be relevant for law enforcement.”

How to protect your data amid breach warning
Fowler has several top tips for users to shield themselves against such a breach.
He recommends that you change your passwords every year, use 'hard-to-guess' passwords for every account, use two-factor authentication, consider a password manager and 'invest in a good antivirus'.
He also says you can check if your credentials have been exposed through certain services, like 'haveibeenpwned.'
UNILAD has contacted Google, Apple, Meta, Netflix, Roblox, Discord, Amazon and PayPal for comment.