Massive Password Leak Could Impact Millions in Canada — Here’s What to Know

Is your digital identity still safe?

A cybersecurity researcher has uncovered a massive, unprotected database containing over 184 million user records, including email addresses, passwords, and direct login links. The data is linked to widely used services like Google, Apple, Microsoft, and Facebook — and many Canadians may be exposed.

“This is one of the most dangerous datasets I’ve ever seen,” researcher Jeremiah Fowler told Wired. “It gives direct access to real user accounts.”

And the threat is real: with email and password combos floating freely online, criminals can hijack your digital life in minutes — especially if you reuse credentials across multiple platforms.

What makes this leak different?

Unlike many previous breaches, this data was stored in plain text, meaning it’s immediately usable by hackers — no decryption needed. Even worse, some entries include login URLs that bypass passwords entirely.

The leak appears to aggregate data from earlier breaches, which means your information could be exposed even if you’ve never heard about a recent hack.

In short: if you live in Canada and use Gmail, Facebook, Amazon, or online banking, now is the time to act.

How to protect yourself in Canada — today

Here are 4 immediate steps cybersecurity experts recommend for Canadians:

1. Change your passwords, especially for email, banking, and government services (CRA, Service Canada)
2. Use unique passwords for every account — and consider a password manager
3. Enable two-factor authentication (2FA) wherever possible
4. Check your exposure with tools like haveibeenpwned.com

And if your passwords were compromised in older breaches — which many in this dataset were — they’re still dangerous if you haven’t changed them since.

What Canadian companies are doing — and what they’re not

Canadian institutions are not immune. In recent years, breaches have affected major retailers, telecom providers, and even the Canada Revenue Agency (CRA). A 2023 CRA suspension wave affected thousands of users after suspicious login attempts.

With cloud-based systems becoming the norm — from banks to health care — a single vulnerability can affect millions. An IBM report shows that 82% of breaches now involve cloud-stored data.

And as more Canadian companies outsource services overseas, insider threats are also growing. Earlier this month, crypto exchange Coinbase admitted that international support staff had helped leak user information in a separate breach.

Vigilance is your best protection

It doesn’t take a tech degree to stay safe — just good digital habits. Cybercrime is growing rapidly, and Canada is part of the target zone.

As Teresa Murray from U.S. PIRG put it:

“This is a wake-up call for anyone who’s let digital security slide.”

So if your Gmail password is still the same one you use for Netflix — or worse, your bank — now’s the time to fix that.

Our team may have used AI to assist in the creation of this content, which has been reviewed by our editors.