Cybersecurity researcher Jeremiah Fowler recently found a large database containing over 149 million usernames and passwords. The 96GB database and Fowler’s detailed analysis were published on the ExpressVPN research blog.
A large collection of usernames and passwords from users worldwide was publicly available online. The leaked data primarily consists of email credentials, with over 48 million Gmail accounts and 1.5 million Outlook accounts compromised. Additionally, more than 6 million accounts from Yahoo, iCloud, and university (.edu) email addresses were also exposed.
The leaked database also included accounts from popular platforms like Facebook, Instagram, TikTok, OnlyFans, HBO Max, Disney+, Roblox, Binance, and X, formerly known as Twitter, according to Fowler.
As a user who follows these things, it’s really scary to hear about this data breach. Apparently, hackers got their hands on usernames and passwords from people all over the globe. What’s even worse is it wasn’t just one or two websites – they stole login info for pretty much *everything* you can think of, all kinds of online accounts!
Cybersecurity researcher Jeremiah Fowler
The situation is even more serious. Fowler’s review of the data also revealed financial information, such as cryptocurrency wallet details, bank account logins, and credit card numbers. He’s particularly worried about the discovery of government email credentials from many different countries, as this could allow unauthorized access to secure government networks and threaten national security.
That’s a wide enough swath that practically anyone plugged into the internet could be exposed. Here’s a quick estimation of Fowler’s findings:
- Gmail — 48 million
- Yahoo — 4 million
- Outlook — 1.5 million
- .edu — 1.4 million
- iCloud — 900,000
- Facebook — 17 million
- Instagram — 6.5 million
- Netflix — 3.4 million
- Binance — 420,000
- OnlyFans — 100,000
This database wasn’t created by a single hack or attack on one website. Instead, it’s a massive collection of usernames, passwords, and other private information that malware has been gathering over a long period.
According to Fowler, stolen data typically ends up stored in the cloud, often accumulating over time from many different sources. It’s likely the hackers themselves were victims of a data breach, which is how this information became publicly available.
The database doesn’t have a clear owner. When Fowler reported the security breach to the cloud provider, they weren’t able to get much further because the IP address traced back to a subsidiary operating under the provider’s control.
It took Fowler almost a month and several tries to finally shut down the exposed database. While it’s unclear how long the database had been collecting stolen information, Fowler observed that new records were still being added until it was taken offline.
As I mentioned before when discussing a previous data leak discovered by Fowler, it’s crucial to use strong, unique passwords – a password manager can really help with this. Also, enable multi-factor authentication whenever possible. That way, even if someone gets your password, they’ll still have trouble accessing your accounts.
(via Tom’s Guide)
Read More
- Everything You Need To Know About Nikki Baxter In Stranger Things’ Animated Spinoff
- The Boys Season 5, Episode 5 Ending Explained: Why Homelander Does THAT
- Taylor Sheridan’s Gritty 5-Part Crime Show Reveals New Final Season Villain
- Why There’s No Ghosts Tonight (Nov 27) & When Season 5, Episode 7 Releases
- How to Build Water Elevators and Fountains in Enshrouded
- Welcome to Demon School! Iruma-kun season 4 release schedule: When are new episodes on Crunchyroll?
- From season 4 release schedule: When is episode 2 out on MGM+?
- FRONT MISSION 3: Remake coming to PS5, Xbox Series, PS4, Xbox One, and PC on January 30, 2026
- Ashley’s Powers in The Boys Season 5 Explained & Why They Don’t Work On [SPOILER]
- Anna Wintour Reacts to Rumors She Approves All Met Gala Looks
2026-01-27 17:40