Cybersecurity researcher Jeremiah Fowler recently found a large database containing over 149 million usernames and passwords. The 96GB database and Fowler’s detailed analysis were published on the ExpressVPN research blog.
A large collection of usernames and passwords from users worldwide was publicly available online. The leaked data primarily consists of email credentials, with over 48 million Gmail accounts and 1.5 million Outlook accounts compromised. Additionally, more than 6 million accounts from Yahoo, iCloud, and university (.edu) email addresses were also exposed.
The leaked database also included accounts from popular platforms like Facebook, Instagram, TikTok, OnlyFans, HBO Max, Disney+, Roblox, Binance, and X, formerly known as Twitter, according to Fowler.
As a user who follows these things, it’s really scary to hear about this data breach. Apparently, hackers got their hands on usernames and passwords from people all over the globe. What’s even worse is it wasn’t just one or two websites – they stole login info for pretty much *everything* you can think of, all kinds of online accounts!
Cybersecurity researcher Jeremiah Fowler
The situation is even more serious. Fowler’s review of the data also revealed financial information, such as cryptocurrency wallet details, bank account logins, and credit card numbers. He’s particularly worried about the discovery of government email credentials from many different countries, as this could allow unauthorized access to secure government networks and threaten national security.
That’s a wide enough swath that practically anyone plugged into the internet could be exposed. Here’s a quick estimation of Fowler’s findings:
- Gmail — 48 million
- Yahoo — 4 million
- Outlook — 1.5 million
- .edu — 1.4 million
- iCloud — 900,000
- Facebook — 17 million
- Instagram — 6.5 million
- Netflix — 3.4 million
- Binance — 420,000
- OnlyFans — 100,000
This database wasn’t created by a single hack or attack on one website. Instead, it’s a massive collection of usernames, passwords, and other private information that malware has been gathering over a long period.
According to Fowler, stolen data typically ends up stored in the cloud, often accumulating over time from many different sources. It’s likely the hackers themselves were victims of a data breach, which is how this information became publicly available.
The database doesn’t have a clear owner. When Fowler reported the security breach to the cloud provider, they weren’t able to get much further because the IP address traced back to a subsidiary operating under the provider’s control.
It took Fowler almost a month and several tries to finally shut down the exposed database. While it’s unclear how long the database had been collecting stolen information, Fowler observed that new records were still being added until it was taken offline.
As I mentioned before when discussing a previous data leak discovered by Fowler, it’s crucial to use strong, unique passwords – a password manager can really help with this. Also, enable multi-factor authentication whenever possible. That way, even if someone gets your password, they’ll still have trouble accessing your accounts.
(via Tom’s Guide)
Read More
- Best Controller Settings for ARC Raiders
- Donkey Kong Country Returns HD version 1.1.0 update now available, adds Dixie Kong and Switch 2 enhancements
- Ashes of Creation Rogue Guide for Beginners
- Sega Insider Drops Tease of Next Sonic Game
- When to Expect One Piece Chapter 1172 Spoilers & Manga Leaks
- Fantasista Asuka launches February 12
- AAA Ubisoft Games Now $6 for Limited Time
- 10 Great Netflix Dramas That Nobody Talks About
- 32 Kids Movies From The ’90s I Still Like Despite Being Kind Of Terrible
- 10 Ridley Scott Films With the Highest Audience Scores on Rotten Tomatoes
2026-01-27 17:40