Your iCloud account can be endangered by an 184 -m password

Suspected info -malware

A violations that reveal 184 million passwords contains Apple registration information that is used on iPhone and Mac computers.

On May 22, 2025, cyber security researcher Jeremiah Fowler reported on the discovery of a massive unprotected database with more than 184 million user names and passwords. The 47-gigabyte elasticsearch server was open to the public and was not secured by a password or encryption.

The exposed login information included accounts from at least 29 countries and contained registration data for widespread platforms such as Facebook, Google, Microsoft and Apple. Apple Services has not performed the original disclosure of Fowler on website Planet – but iCloud registrations are available after the inspection.

However a Wired Investigation based on a sample of 10,000 data records confirmed the existence of Apple, Icloud and other important services in the data record.

The database was quickly made offline after Fowler had made the hosting provider World Host Group aware. The owner of the database is still unknown and it is unclear how long the data has been exposed or whether they have already been accessed by malicious actors.

Why this is important for Apple users

Although Apple's systems have not been violated, users whose Apple ID -ID login information on other websites have been reused have an increased risk. InfoTeal malware, which has developed software for siphon -stored login information from browsers and apps, seems to have compiled the leaked data.

As soon as attackers have received access to a reused password, you can try to register for other services, including Apple -ID accounts. The Breach test contained hundreds of Apple registration entries. In view of the size of the full data record, it is likely that thousands of Apple registration information have been included.

Apple accounts are high-quality goals due to their integration with payment methods, iCloud protection and device persecution functions. In the case of compromises, attackers can try to acquire identity theft, get access to photos or e -mails or to block and delete Apple devices from a distance.

What we still don't know

Fowler has not identified who collected or saved the leaked login information. It is also not known how long the ElasticSearch server was online or whether threats have accessed it before it was secured. The hosting provider has not announced the identity of its customer.

Use Apple's passwords app

At the time of this letter, Apple did not publish a public answer to the violation. The integrated security functions of the company, e.g. B. at Apple and iCloud Keysty, reduce the risks associated with the reuse of password.

Nevertheless, you cannot protect users who reuse login information on several platforms or fall on phishing attempts.

What Apple users should do now

Change your Apple -ID password immediately, especially if you have used the same password on other websites. It is important to use a long, clear password that is not easy to guess to improve the safety of your account.

Also activate the two-factor authentication (2FA) if it is not yet active. Apple recommends this additional security level for all accounts, and you can switch it on via settings or account.apple.com.

Next, consider the use of Apple passwords or a trustworthy password manager to create and save clear passwords for every website or app. This practice avoids using the same login information across services, which can affect your security.

Apple also has a hiding place of my e -mail service

The use of Apple from the access of my E -Mail service as part of the iCloud+ anonnet offers another security level for online accounts. You can create a clear e -mail alias for each account that forwards the e -mails to your Apple -ID -E email. You can deactivate them at any time.

Also check whether your login information was part of a violation using tools like me Pwned. Even if your Apple ID was not listed, you can affect reused passwords elsewhere.

Check your iCloud and Apple account settings by going to settings, Apple -ID, password and security. Here you can check registration resorts, trustworthy devices and recovery methods to ensure that everything is safe.

It is also important to monitor your email and app login warnings for suspicious activities, including registrations from unknown devices or locations. Ultimately, be vigilant for phishing attempts.

If attackers know your e -mails and past passwords, you can convincingly create fake e -mails to get you to enter your Apple -id registration information on fake pages.