A significant data breach has exposed over 184 million records, including login credentials for Apple iCloud accounts, raising serious concerns about user privacy and security, Wired is reporting.
Discovered by cybersecurity researcher Jeremiah Fowler in May 2025, the unprotected database contained usernames and plaintext passwords for various platforms, including Apple, Google, Meta, and others.
Among the massive trove of leaked information, Apple iCloud credentials stood out due to their association with sensitive user data like messages, photos, documents, device backups, and even location history.
According to Fowler’s report, the database included plaintext login details for iCloud, Google, Meta, and other services. The Apple-related entries—some bearing .icloud.com and .me.com email addresses—could allow unauthorized access to users’ personal and professional digital ecosystems if exploited.
Among the compromised data were email addresses with .gov domains from at least 29 countries, including the United States, United Kingdom, Canada, and Australia. This suggests that government employees’ accounts were also affected, posing potential national security risks.
Although the exact origin of the data remains unknown, the breach appears to involve a third-party data aggregator or threat intelligence firm that had collected the credentials, possibly from previously compromised data. The database was left unprotected on the internet with no password, making it easily accessible to anyone who stumbled across it.
Apple has historically emphasized its commitment to user privacy, maintaining strong encryption standards and resisting government requests for backdoor access. According to the company’s public privacy statements, Apple does not store user passwords in plaintext and encourages users to enable two-factor authentication (2FA) to add an additional layer of protection.
Apple iCloud users are strongly urged to take immediate steps to secure their accounts by changing their passwords immediately and enabling 2FA for added security.
Want to see more of our stories on Google?
P.S. Want to keep this site truly independent? Support us by buying us a beer, treating us to a coffee, or shopping through Amazon here. Links in this post are affiliate links, so we earn a tiny commission at no charge to you. Thanks for supporting independent Canadian media!
While technically correct, the headline is misleading. A collection of previously hacked/leaked credentials aggregated in a database were exposed again due to the idiots responsible for the database.
clickbait, do better
How is it click bait?