Massive Data Exposure Discovered
In what cybersecurity analysts are calling one of the largest data exposures of 2025, approximately 40 billion records were found sitting completely unsecured in a publicly accessible database. According to reports, the unprotected data repository contained everything from email addresses and message subjects to sensitive banking and healthcare information, with researchers noting they “saw numerous records marked as confidential” during their investigation.
The discovery was made by cybersecurity researcher Jeremiah Fowler, who immediately reported his findings to Website Planet. Sources indicate the database lacked any form of password protection or encryption, meaning anyone with internet access could potentially view the massive 13-terabyte collection of personal information.
Netcore Cloud Connection Identified
The exposed database has been linked to Netcore Cloud Pvt. Ltd, a Mumbai-based marketing technology company whose website states it provides AI-powered customer experience platforms to more than 6,500 global brands. A detailed breach report confirms that much of the exposed information traced back to systems associated with the company.
Analysts suggest the scale of this exposure is particularly concerning given Netcore’s substantial client base and the sensitive nature of the data involved. The researcher’s report states the database contained “partial account numbers and specific information” considered too sensitive for public exposure, along with copious email addresses that could be exploited for sophisticated phishing campaigns.
Immediate Security Response
Upon discovering the security lapse, Fowler immediately notified Netcore Cloud, and access to the database was reportedly restricted within hours. However, the researcher noted it remains unclear how long the information was exposed or whether any malicious actors accessed the data before it was secured.
This incident represents another significant failure in basic computer security protocols, according to industry experts. The fact that such a massive database containing sensitive information remained completely unprotected highlights ongoing challenges in data protection across the technology sector.
Potential Exploitation Risks
Security experts warn that even limited personal information can provide sufficient material for determined security hackers to build detailed victim profiles. According to the analysis, having access to someone’s email address along with knowledge of which companies they interact with enables highly targeted social engineering attacks.
Fowler’s report outlines hypothetical scenarios where bad actors could create convincing phishing emails tailored to specific victim relationships, potentially leading to account takeover attempts or identity theft. While the researcher emphasizes these are educational examples rather than confirmed outcomes of this particular data breach, the risks remain substantial given the volume of exposed information.
Continuing Pattern of Data Exposures
This latest incident continues a troubling trend of major data exposures throughout 2025. Earlier this month, Discord experienced a significant breach involving 70,000 users’ identification photos and personal data. In September, Plex users were advised to change credentials following a leak of emails and hashed passwords.
June reportedly saw what some analysts called “the largest data breach” with 16 billion accounts and credentials exposed across multiple platforms including Facebook, Google, and Apple. April brought a substantial leak affecting Elon Musk’s X platform, with 2.8 billion user IDs reportedly exposed after hackers claimed the company ignored their warnings.
Protective Measures for Consumers
With corporations continuing to struggle with data protection, security experts recommend several defensive measures:
- Remain vigilant about phishing attempts: Carefully examine sender email addresses and avoid clicking unfamiliar links
- Implement strong authentication: Use randomly generated passwords and enable multi-factor authentication wherever possible
- Maintain updated systems: Keep all devices and software current with the latest security patches
- Avoid unsecured websites: Be cautious when sharing information online and look for HTTPS connections
As industry developments in artificial intelligence and data processing accelerate, and following recent technology incidents affecting millions, security professionals emphasize that both corporate responsibility and individual vigilance are essential for protection against evolving digital threats. Meanwhile, related innovations in security protocols continue to emerge as the industry grapples with these persistent challenges.
This article aggregates information from publicly available sources. All trademarks and copyrights belong to their respective owners.
