Facebook Credentials Exposed: What the 184M Password Leak Means And Why It's Just the Beginning

By Sirbow | 25 May 2025

Facebook & Instagram leak cover

What Happened?

In May 2025, cybersecurity researcher Jeremiah Fowler uncovered a misconfigured ElasticSearch database containing 184 million+ login records.

The exposed data included credentials from:

Facebook

Instagram

Roblox

Banking and fintech portals

Government websites across 29+ countries

These credentials were not stolen from one platform. Instead, they were harvested by infostealer malware A type of malicious software that infects personal devices and extracts saved passwords, browser session data, cookies, and autofill fields.

Infostealer process timeline

Why Is This Leak So Dangerous?

This leak is especially dangerous for two key reasons:

1. Passwords Are Still Active

Unlike older breaches that circulate for years, this one contains recent data and many of the passwords were found in plaintext.

2. Password Reuse is Rampant

Cybernews reports that 94% of the passwords were reused across multiple services. This makes the breach a perfect launchpad for credential stuffing attacks.

What Is Credential Stuffing?

Credential stuffing is when hackers use leaked email-password combinations to try and log into multiple services. Because many people use the same login credentials everywhere, attackers often gain access to:

Social media accounts

Email inboxes

Online banking

Business tools and admin dashboards

Credential stuffing flowchart

Are You Affected?

If you've used the same password for Facebook, Instagram, or Roblox across other sites, then you are at risk.

5 Steps to Protect Yourself Now

Change your passwords - especially reused ones

Enable 2FA (two-factor authentication) on all services

Use a password manager like Bitwarden or 1Password

Scan your devices for malware (Windows Defender, Malwarebytes, Hitman.Pro, Sophos Intercept X (Mobile))

Monitor bank, email, and social accounts for unusual activity

Bonus Tip: Disable browser autofill to prevent future info-stealing attacks.

What Makes This Leak a Turning Point?

This breach wasn't caused by a direct Facebook hack, it was caused by millions of infected users and careless storage of sensitive data.

The future of cybercrime is clear: hack the human, not the company.

My thoughts?

This breach is a critical wake-up call. From individuals to government employees, no one is safe from the growing threat of Information Security..

Stay alert. Stay secure.

Want More CyberSec tools?

Visit Ubuntu Guard resources to get our toolbox, checklists, and resources

By Sirbow, for Ubuntu Guard Cyber

Cybernews    Wired    HackRead    TechRadar    TechRepublic

← Back to Blog Home

Has your business been exposed?

Ubuntu Guard offers free cybersecurity assessments for small businesses in Durban and KZN. Find out where your gaps are before attackers do.

Get Your Free Assessment