San Francisco, January 25: A massive database containing 149 million account usernames and passwords has been discovered exposed on the open internet, according to security researchers. The trove included sensitive login details for high-profile platforms, including 48 million Gmail accounts, 17 million Facebook profiles, and 420,000 credentials for the cryptocurrency exchange Binance.
The discovery was made by veteran security analyst Jeremiah Fowler, who reported that the data was publicly accessible and searchable via a standard web browser. The database, which was hosted by an affiliate provider in Canada, has since been taken down after the hosting company was notified of the breach.
Infostealing Malware Security Risk
Security experts believe the database was likely compiled using infostealing malware. This type of malicious software infects personal devices and employs techniques like keylogging to record everything a user types into a website. Unlike traditional data breaches that target a single company's servers, this method captures credentials from a wide variety of services directly from the victim's hardware.
In addition to mainstream email and social media accounts, the leak contained login information for government systems across multiple countries, consumer banking portals, and credit card accounts. Fowler noted that the database appeared to be structured for easy indexing, suggesting it was designed to be queried by cybercriminals looking for specific types of data to facilitate fraud or identity theft.
Cybersecurity Best Practices For Users
The sheer scale of the exposure highlights the growing threat of automated credential harvesting. Beyond Gmail and Facebook, the logs included 4 million Yahoo accounts, 1.5 million Microsoft Outlook logins, and 900,000 Apple iCloud credentials. Entertainment and academic sectors were also hit, with millions of logins for Netflix, TikTok, and .edu institutional accounts found in the records.
Industry analysts warn that the barrier to entry for such cybercrimes is remarkably low. Renting the infrastructure required to run infostealing malware can cost as little as USD 200 to USD 300 per month. This affordability allows criminals to amass hundreds of thousands of new credentials with minimal investment, making it vital for users to employ multi-factor authentication and unique passwords for every service.
Global Impact of Credential Leaks
While the database has been removed from public view, the incident underscores the vulnerability of remotely stored digital identities. The data remained accessible for nearly a month while researchers worked to identify the host, during which time the database continued to grow with fresh logins.
The ACLU and other privacy advocates have frequently warned that the accumulation of such vast troves of data by unknown actors poses a significant risk to personal safety and national security. As the investigation into the origins of this specific database continues, users are urged to monitor their accounts for suspicious activity and update their security settings immediately.
(The above story first appeared on LatestLY on Jan 25, 2026 08:09 AM IST.)














