Suspected infostealer malware
A breach exposing 184 million passwords includes Apple login credentials used across iPhone and Mac computers.
On May 22, 2025, cybersecurity researcher Jeremiah Fowler reported the discovery of a massive unprotected database containing more than 184 million usernames and passwords. The 47-gigabyte Elasticsearch server was publicly accessible and not secured by a password or encryption.
The exposed credentials covered accounts from at least 29 countries and included login details for widely used platforms such as Facebook, Google, Microsoft, and Apple. Fowler’s original disclosure on Website Planet didn’t list Apple services by name — but iCloud logins are present, following inspection.
However, a Wired investigation based on a sample of 10,000 records confirmed the presence of Apple, iCloud, and other major services in the dataset.
The database was quickly taken offline after Fowler alerted the hosting provider, World Host Group. The owner of the database remains unknown, and it’s unclear how long the data was exposed or whether it had already been accessed by malicious actors.
Why this matters for Apple users
Although Apple’s systems weren’t breached, users whose Apple ID credentials were reused on other sites are now at elevated risk. Infostealer malware, which is software designed to siphon saved credentials from browsers and apps, appears to have compiled the leaked data.
Once attackers gain access to one reused password, they can attempt to log into other services, including Apple ID accounts. The breach sample included hundreds of Apple login entries. Given the size of the full data set, it’s likely that thousands of Apple credentials were included.
Apple accounts are high-value targets because of their integration with payment methods, iCloud backups, and device tracking features. If compromised, attackers may attempt identity theft, gain access to photos or emails, or remotely lock and erase Apple devices.
What we still don’t know
Fowler hasn’t identified who collected or stored the leaked credentials. It’s also unknown how long the Elasticsearch server was online or whether threat actors accessed it before it was secured. The hosting provider hasn’t disclosed its customer’s identity.
Use Apple’s Passwords app
Apple has not issued a public response to the breach as of this writing. The company’s built-in security features, such as Sign in with Apple and iCloud Keychain, reduce the risks associated with password reuse.
Still, they can’t protect users who reuse credentials across multiple platforms or fall for phishing attempts.
What Apple users should do now
Change your Apple ID password immediately, especially if you’ve used the same password on other sites. It’s important to use a long, unique password that isn’t easily guessed to enhance your account’s security.
Additionally, enable two-factor authentication (2FA) if it’s not already active. Apple recommends this extra layer of security for all accounts, and you can turn it on through Settings or at account.apple.com.
Next, consider using Apple Passwords or a trusted password manager to create and store unique passwords for each site or app. This practice helps avoid reusing the same credentials across services, which can compromise your security.
Apple also has a Hide My Email service
Using Apple’s Hide My Email service as part of the iCloud+ subscription offers another layer of security for online accounts. It lets you create a unique email alias for every account that forwards emails to your Apple ID email. You can deactivate them at any time.
Furthermore, check if your credentials were part of a breach using tools like Have I Been Pwned. Even if your Apple ID wasn’t listed, breaches elsewhere could still affect you through reused passwords.
Review your iCloud and Apple account settings by going to Settings, Apple ID, Password & Security. Here, you can review login locations, trusted devices, and recovery methods to ensure everything is secure.
It’s also crucial to monitor your email and app login alerts for suspicious activity, including sign-ins from unknown devices or locations. Last, be vigilant for phishing attempts.
If attackers know your email and past passwords, they may create convincing fake emails to trick you into entering your Apple ID credentials on spoofed pages.
