Trending News: Major Cybersecurity IncidentsPlaintext Passwords and Public Panic: 184 Million Records ExposedUnderstanding Session Hijacking in CybersecurityHow HTML Injection Works and Why It’s DangerousCybersecurity & Forensics R&D Centre at EOU PatnaTime Based For Hall of Fame in HackerOneOne Click Away from Breach: The Power of RCEMobile Hacking: What It Is, How It Happens, and How to Stay SafeWhat is Dark Web and How to Access Dark Web?What is Path Traversal Vulnerability?Most common vulnerability Open RedirectOverview of Broken Access Control VulnerabilitiesNew e-Zero FIR will help cyber criminalsCyber Laws of IndiaUnderstanding IDOR Vulnerability: Risks, Detection, and PreventionParamSpider: A Powerful Tool for Discovering Hidden Web ParametersWhat is Cross-Site Scripting (XSS)?What is AI? How AI Works!Cybersecurity in the Modern World: Safeguarding Our Digital FutureSection 464 IPC – Making a False Document: A Comprehensive GuideSection 70B of IT Act – What is CERT-IN and Why It Matters for Cybersecurity in IndiaSection 419 IPC: Cheating by Personation – Explained with Examples, Phishing Cases & How to Stay SafeSection 67 of the IT Act: Publishing Obscene Content Online – What You Need to KnowSection 66D of the IT Act, 2000 – Cheating by Personation Using Computer ResourcesUnderstanding Section 65 of the IT Act, 2000: Tampering with Computer Source CodeSection 43 of the Information Technology Act, 2000: Explained in SimpleUnderstanding Section 66 of the IT Act, 2000: Explained with a Cyber ExampleHow to Install Kali Linux on Windows PC or Laptop Using WSLHow to Use Subfinder to Discover Subdomains: A Complete GuideIn-Depth Guide to Cyber Law Section 66 of IT Act, 2000Most Common and Popular Cyber Laws in India: What Every Internet User Must KnowThe Best Digital Cyber Attack are performTop 10 Tool Which is The god of Bug BountyEverything You Need to Know About the Dark WebHow Web Browsers Work: Your Window to the Internet!CyberHelper’s Guide to 100 Things That Can Make Your Digital Life Unsafe!10 Best Extensions for Bug Bounty (Web Pentesting)CyberHelper – Learn Ethical Hacking & Cybersecurity for FreeUnderstanding CVE (Common Vulnerabilities and Exposures) in CybersecuritySubdomain Takeover: Understanding the Risk & How to Prevent ItUnderstanding HTML Injection: A Complete GuideUnderstanding Cross-Site Scripting (XSS): A Deep DiveUnderstanding Cross-Site Request Forgery (CSRF): A Deep DiveUnderstanding OTP Bombing: How It Works and How to Stay Safe
Wed. Jun 18th, 2025
Trending News: Major Cybersecurity IncidentsPlaintext Passwords and Public Panic: 184 Million Records ExposedUnderstanding Session Hijacking in CybersecurityHow HTML Injection Works and Why It’s DangerousCybersecurity & Forensics R&D Centre at EOU PatnaTime Based For Hall of Fame in HackerOneOne Click Away from Breach: The Power of RCEMobile Hacking: What It Is, How It Happens, and How to Stay SafeWhat is Dark Web and How to Access Dark Web?What is Path Traversal Vulnerability?Most common vulnerability Open RedirectOverview of Broken Access Control VulnerabilitiesNew e-Zero FIR will help cyber criminalsCyber Laws of IndiaUnderstanding IDOR Vulnerability: Risks, Detection, and PreventionParamSpider: A Powerful Tool for Discovering Hidden Web ParametersWhat is Cross-Site Scripting (XSS)?What is AI? How AI Works!Cybersecurity in the Modern World: Safeguarding Our Digital FutureSection 464 IPC – Making a False Document: A Comprehensive GuideSection 70B of IT Act – What is CERT-IN and Why It Matters for Cybersecurity in IndiaSection 419 IPC: Cheating by Personation – Explained with Examples, Phishing Cases & How to Stay SafeSection 67 of the IT Act: Publishing Obscene Content Online – What You Need to KnowSection 66D of the IT Act, 2000 – Cheating by Personation Using Computer ResourcesUnderstanding Section 65 of the IT Act, 2000: Tampering with Computer Source CodeSection 43 of the Information Technology Act, 2000: Explained in SimpleUnderstanding Section 66 of the IT Act, 2000: Explained with a Cyber ExampleHow to Install Kali Linux on Windows PC or Laptop Using WSLHow to Use Subfinder to Discover Subdomains: A Complete GuideIn-Depth Guide to Cyber Law Section 66 of IT Act, 2000Most Common and Popular Cyber Laws in India: What Every Internet User Must KnowThe Best Digital Cyber Attack are performTop 10 Tool Which is The god of Bug BountyEverything You Need to Know About the Dark WebHow Web Browsers Work: Your Window to the Internet!CyberHelper’s Guide to 100 Things That Can Make Your Digital Life Unsafe!10 Best Extensions for Bug Bounty (Web Pentesting)CyberHelper – Learn Ethical Hacking & Cybersecurity for FreeUnderstanding CVE (Common Vulnerabilities and Exposures) in CybersecuritySubdomain Takeover: Understanding the Risk & How to Prevent ItUnderstanding HTML Injection: A Complete GuideUnderstanding Cross-Site Scripting (XSS): A Deep DiveUnderstanding Cross-Site Request Forgery (CSRF): A Deep DiveUnderstanding OTP Bombing: How It Works and How to Stay Safe
Wed. Jun 18th, 2025

Plaintext Passwords and Public Panic: 184 Million Records Exposed

184 Million Plaintext Passwords Exposed

A significant cybersecurity breach has come to light, involving the exposure of over 184 million login credentials stored in plaintext. Discovered in early May 2025 by cybersecurity researcher Jeremiah Fowler, the unprotected database was found on an unsecured Elasticsearch server managed by World Host Group. The 47 GB trove contained usernames, passwords, emails, and URLs associated with major platforms such as Apple, Google, Facebook, Microsoft, Instagram, and Snapchat. Notably, the data also included credentials linked to banks, healthcare providers, and government agencies from at least 29 countries, including the United States, United Kingdom, Australia, and Canada.

Key Takeaways:

  • Scope of Exposure: Over 184 million records, including login credentials for major tech platforms, financial institutions, healthcare services, and government portals.
  • Global Impact: Credentials associated with government domains from at least 29 countries were found, raising concerns about national security implications.
  • Method of Data Collection: The data was likely compiled using infostealer malware, which extracts information like login credentials, cookies, and autofill data from infected devices.

Recommended Actions:

  1. Change Passwords Immediately: Update passwords for all online accounts, especially if the same password is used across multiple platforms.

Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts to prevent unauthorized access.

Use a Password Manager: Tools like 1Password, Bitwarden, or NordPass can help generate and store strong, unique passwords for each account.

Monitor Account Activity: Regularly check your financial and other sensitive accounts for any suspicious activity.

Check for Exposure: Use services like Have I Been Pwned to see if your email address has been involved in any known data breaches.

This incident underscores the critical importance of robust cybersecurity practices, both for individuals and organizations. Regularly updating passwords, enabling 2FA, and being vigilant about account activity are essential steps in protecting personal and sensitive information online.

Victoria’s Secret Suffers Cyberattack

Victoria’s Secret has confirmed a significant cybersecurity incident that led to the suspension of its U.S. website and some in-store services. The breach, which began affecting operations around May 27, 2025, has disrupted online sales, order processing, and internal systems, including employee email access and distribution center functions.

What Happened

The company identified a “security incident” and, as a precaution, took down its website and certain in-store services. Third-party cybersecurity experts have been engaged to investigate and address the issue. While the exact nature of the attack has not been disclosed, the operational disruptions suggest a sophisticated cyberattack, possibly involving ransomware.

Impact on Customers

  • Online Shopping: The U.S. website has been offline since May 27, 2025, preventing customers from placing new orders or accessing customer care services.
  • In-Store Services: Some in-store services, such as processing online returns, have been temporarily suspended.
  • Customer Support: Customer care services have been affected, leading to delays in addressing customer inquiries.

To accommodate affected customers, Victoria’s Secret has extended return windows by 30 days and is honoring expired coupons and rewards.

Business and Financial Impact

The cyberattack has had notable financial repercussions:

  • Stock Performance: Shares of Victoria’s Secret fell by approximately 7% following the disclosure of the breach.
  • Operational Disruptions: Internal operations, including employee email access and distribution center functions, have been disrupted.

Possible Threat Actors

While Victoria’s Secret has not confirmed the perpetrators, cybersecurity experts suggest that the attack may be part of a broader campaign targeting major retailers. Notably, the cybercriminal group known as Scattered Spider has been linked to recent attacks on retailers like Marks & Spencer and Harrods.

Recommendations for Customers

Customers are advised to take the following precautions:

  • Change Passwords: Update passwords for Victoria’s Secret accounts and any other accounts using the same credentials.
  • Enable Two-Factor Authentication: Add an extra layer of security to accounts where possible.
  • Monitor Accounts: Regularly check financial and other sensitive accounts for any suspicious activity.
  • Be Vigilant: Beware of phishing emails or messages claiming to be from Victoria’s Secret.

Victoria’s Secret has stated that its physical stores remain open and that efforts are underway to restore online operations securely. Customers are encouraged to stay informed through official company communications.

    • Cyberhelper

    Cyberhelper

    Related Posts

    Cybersecurity & Forensics R&D Centre at EOU Patna
    Cybersecurity & Forensics R&D Centre at EOU Patna

    On May 24, 2025, a state-of-the-art Research and Development Centre focusing on cybersecurity and cyber forensics was inaugurated at the Economic Offences Unit (EOU) campus in Patna. This initiative is…

    Continue reading
    New e-Zero FIR will help cyber criminals
    New e-Zero FIR will help cyber criminals

    The Indian government’s introduction of the e-Zero FIR system marks a significant advancement in the fight against cyber crime. This initiative aims to streamline the reporting and investigation of cyber…

    Continue reading

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You Missed

    CyberSecurity

    Major Cybersecurity Incidents

    Major Cybersecurity Incidents
    News

    Plaintext Passwords and Public Panic: 184 Million Records Exposed

    Plaintext Passwords and Public Panic: 184 Million Records Exposed
    Vulnerability

    Understanding Session Hijacking in Cybersecurity

    Understanding Session Hijacking in Cybersecurity
    Vulnerability

    How HTML Injection Works and Why It’s Dangerous

    How HTML Injection Works and Why It’s Dangerous
    News

    Cybersecurity & Forensics R&D Centre at EOU Patna

    Cybersecurity & Forensics R&D Centre at EOU Patna
    Vulnerability

    Time Based For Hall of Fame in HackerOne

    Time Based For Hall of Fame in HackerOne