A massive data breach has exposed over 184 million unique login credentials, including usernames and passwords, from major platforms such as Google, Microsoft, Apple, Facebook, Instagram, Snapchat, Amazon, PayPal, and Yahoo. The credentials were stored in an unsecured, unencrypted 47GB database discovered by cybersecurity researcher Jeremiah Fowler in May 2025. The exposed data includes access to email providers, social media, banking, health services, and government portals from at least 29 countries. Many of the compromised records were confirmed to be current and accurate. The breach is attributed to InfoStealer malware, which harvests sensitive information from infected devices, often spread via phishing emails or malicious websites. The database was publicly accessible, required no authentication, and contained direct login URLs, making it vulnerable to misuse by cybercriminals. It remains unclear who owned or uploaded the database, and whether it was used for criminal activity. After notification, the hosting provider removed access to the file. Cybersecurity experts warn that the leaked credentials could facilitate credential stuffing, phishing attacks, corporate espionage, and state-level cyberattacks. Users are advised to change their passwords, enable multi-factor authentication, and monitor for suspicious activity. In a related development, Microsoft has issued a critical password warning to millions of users of Windows 10, Windows 11, and Microsoft 365. The company announced a phase-out timeline for Microsoft Authenticator: from June 2025, new passwords can no longer be saved in the app; in July, autofill and payment features will be disabled; and by August 2025, all saved passwords will be deleted. Users are encouraged to export their credentials and consider alternative password management solutions.