As winter arrives, so do the news headlines announcing multiple data breaches and leaks throughout the month of May. Read on for all the latest.
Huge Breach Affects Tech Giants like Google, Meta, Snapchat, and Apple
A massive, publicly accessible database containing more than 184 million unique passwords has been discovered online, exposing credentials for everything from social media accounts to banking and government portals. The database was left unprotected (no encryption, no log-in required) and included log-in credentials for platforms like Google, Microsoft, Facebook, Instagram, Snapchat, Roblox, and more.
The database has since been taken offline, but it’s believed the stolen data was collected using infostealer malware, a type of malicious software that silently harvests data from infected devices. Rather than breaching the companies directly, these tools target individual users and take data from their devices.
Some affected companies, like Snapchat, have stated there is no evidence of a breach in their systems, supporting the theory that the data was harvested from users rather than hacked from platforms. Users are urged to enable multi-factor authentication (MFA), avoid reusing passwords across sites, and consider using a password manager to store strong, unique credentials. In the meantime, investigations are ongoing.
Alleged Facebook Data Breach Could Affect 1.2 Billion Users
A hacker is claiming to have scraped a staggering 1.2 billion user records from Facebook. The alleged breach, advertised on a dark web forum, includes a vast range of personal data: user IDs, names, phone numbers, email addresses, locations, usernames, birthdays, and gender details.
The threat actor behind the post claims the dataset is newly compiled, not just a recycled leak from previous breaches. The data was reportedly collected by abusing a Facebook API — a technique hackers have previously used to harvest public and semi-public information from the platform at scale. While Meta, Facebook’s parent company, did not directly deny the scraping, it dismissed the leak as old news: “This is not a new claim. We disclosed this years ago and have taken steps to prevent similar incidents from happening since.” Nonetheless, experts warn that this could be one of the largest data scraping incidents involving Facebook.
Coinbase Hit By Rogue Insider Leak
Coinbase has confirmed that a data leak stemming from an insider threat affected 69,461 users — far more than the “less than one percent” it initially suggested. A filing with the Maine Attorney General revealed that overseas customer support contractors began leaking user data on December 26, 2024. The breach wasn’t discovered until May 11, 2025, when the company received a $20 million extortion demand.
The rogue contractors were reportedly bribed to hand over names, contact details, partial Social Security numbers, and in some cases, masked banking data and ID images. Coinbase stressed that no user funds were stolen, and that its wallet infrastructure remained secure. Estimated costs from the breach could reach up to $400 million, according to an SEC filing.
British Retailers, M&S and Co-op, Suffer Major Data Breaches
British retailer Marks & Spencer (M&S) faces a potential £300 million ($402 million) profit loss after a cyberattack disrupted operations and forced its online retail systems offline, with disruptions expected through July. The attack involved DragonForce ransomware, which encrypted virtual machines across M&S’s 1,400 stores and stole customer data before halting online orders.
Other UK retailers, including Co-op and Harrods, have also been targeted by affiliates linked to the Scattered Spider cybercriminal community using DragonForce ransomware. Co-op confirmed a breach exposing personal data of current and former members after attackers used social engineering to reset an employee’s password and steal Active Directory data. The UK National Cyber Security Centre has issued guidance to help retailers strengthen defenses amid this wave of attacks. Investigations remain ongoing.
How Can I Keep My Data Safe?
- Use strong, unique passwords: Avoid reusing passwords and combine letters, numbers, and special characters.
- Enable two-factor authentication (2FA): Add an extra layer of security by requiring a second verification step.
- Monitor your accounts: Regularly check bank and credit card statements for suspicious activity.
- Update software regularly: Keep devices and software up to date with the latest security patches.
- Be cautious with personal information: Carefully consider what information you share online and with whom.
- Use security software such as Trend Micro Security Suite Pro Plus to help keep your identity secure.