
Massive Database Leak Exposes 184 Million Login Records From Major Platforms
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Sarah Frazier Former Content Manager
A huge unsecured database leaked 184 million login credentials, including government emails, risking identity theft and widespread cyber attacks worldwide.
In a rush? Here are the quick facts:
- Data included usernames and plain-text passwords from Apple, Google, and Facebook.
- Government accounts from 29 countries were part of the leaked data.
- The database was likely compiled by hackers using infostealer malware.
A huge database containing 184 million login details—including accounts from Apple, Google, Facebook, and many others—was recently discovered online, as revealed in a report by WIRED. The leak included usernames and plain-text passwords, putting millions of people and dozens of government accounts at risk.
WIRED reports that security researcher Jeremiah Fowler discovered the unsecured Elastic database in early May. Fowler described the incident as remarkable because it involved an enormous number of different accounts.
“This is probably one of the weirdest ones I’ve found in many years,” he told WIRED. “As far as the risk factor here, this is way bigger than most of the stuff I find, because this is direct access into individual accounts. This is a cybercriminal’s dream working list,” he added.
Fowler believes the hackers obtained the data through malware known as an infostealer, which steals login information from compromised computers.
“It’s the only thing that makes sense, because I can’t think of any other way you would get that many logins and passwords from so many services all around the world,” Fowler told WIRED.
The database was hosted on World Host Group’s servers. The server operated under fraudulent control until the company shut it down. “Our legal team is reviewing any information we have that might be relevant for law enforcement,” said CEO Seb de Lemos, as reported by WIRED.
Though the leak is closed, experts warn the exposed login credentials could already have been stolen and misused for fraud or identity theft.

Fake Ledger Live Apps Are Stealing Crypto
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Sarah Frazier Former Content Manager
Cybercriminals are using fake Ledger Live apps and phishing alerts to steal seed phrases, launching malware that silently drains crypto wallets across platforms.
In a rush? Here are the quick facts:
- Fake Ledger Live apps steal seed phrases to drain crypto wallets.
- At least four malware campaigns have mimicked Ledger Live since August 2024.
- Hackers use phishing pop-ups to trick users into entering 24-word seed phrases.
Cybercriminals are using fake versions of Ledger Live — the app used to manage crypto on Ledger wallets — to steal seed phrases and drain users’ funds. Moonlock Lab revealed that since August 2024, at least four active malware campaigns have targeted Ledger Live with phishing attacks.
Initially, fake apps could only steal notes and wallet data. But today, they trick users into giving away their 24-word seed phrase. One tactic, seen in Atomic macOS Stealer (AMOS), involves a fake security alert that asks users to “verify” their seed phrase. Once typed, it’s sent directly to hackers.
The shift began with the “Odyssey” malware by a hacker named Rodrigo. According to Moonlock, since March 2025, Odyssey has bypassed Ledger Live’s defenses with a phishing page that urges users to enter their seed to fix a “critical error.”
Rodrigo’s method set off a chain reaction. Another hacker, @mentalpositive, claimed their malware now includes an “anti-Ledger” module. But two samples of their code showed no major changes—only a new server address and a name switch from “JENYA” to “SHELLS.”
Meanwhile, a new campaign discovered by Jamf Threat Labs involved an undetectable Mac installer that loads a fake Ledger Live interface. The stealer silently grabs passwords, files, and wallet data using a mix of Python and AppleScript.
AMOS has also adopted Rodrigo’s phishing scheme. Victims are tricked into launching a terminal file that bypasses Apple’s security checks, allowing malware to run. If it detects a real system, not a virtual one, it sends stolen files and credentials — including data from Binance and TonKeeper — to a remote server.
With more hackers copying this approach, crypto users are urged to avoid entering seed phrases into apps or pop-ups.