In November 2019, the website for Indian Rail left more than 2M records exposed on an unprotected Firebase database instance. The exposed data included 583k unique email addresses alongside usernames and passwords stored in plain text.

Source