An enormous database with 149 million stolen login credentials was found to be publicly accessible online without encryption or password protection This article explores gmail accounts compromised. . putting users of Gmail, Instagram, Facebook, Netflix, and thousands of other platforms at serious risk for security breaches.

149,404,754 distinct logins and passwords were extracted from the publicly available database using keylogging software and infostealer malware. Email addresses, usernames, passwords, and the precise URL links for account authorization were all included in each record. The size and total number of records in the exposed infostealer database (source: ExpressVPN) This gives hackers all they need to launch automated credential-stuffing attacks against millions of victims who might not be aware that their data has been compromised. Dissection of Exposed Accounts Alarming statistics from popular platforms and major email providers were found in a small sample of the exposed data.

Along with 4 million Yahoo accounts, 1.5 million Outlook accounts, 900,000 iCloud accounts, and 1.4 million.edu email addresses from academic institutions, about 48 million Gmail accounts were compromised. Learn more Tools for cloud security Cloud computing via VPN Exploitation of computer security Apps for secure messaging Training on Cloud Exploited Security Awareness Services for penetration testing With 17 million Facebook login credentials, 6.5 million Instagram logins, and 780,000 TikTok accounts in the dataset, social media platforms maintained significant exposure. 3.4 million Netflix accounts and other entertainment streaming services were severely impacted, and financial platforms revealed that 420,000 Binance cryptocurrency accounts were compromised.

Even 100,000 OnlyFans login credentials were in the database, which had an impact on both subscribers and content producers. The existence of credentials linked to.gov domains from multiple nations was especially alarming.

Even restricted access could allow targeted spear-phishing campaigns and impersonation attacks, even though not all government accounts allow access to classified systems. act as points of entry into government networks, endangering public safety and national security. The database also contained information about trading accounts, banking logins, credit card numbers, and cryptocurrency wallet access.

In order to arrange stolen data by victim and source, the records included structured metadata such as "host_reversed path" formatting (com.example.user.machine), with distinct line hashes acting as document IDs to avoid duplication. A web browser alone could be used to search the index (source: ExpressVPN). Slow Reaction and Increasing Danger Cybersecurity researcher Jeremiah Fowler uncovered the 96 GB repository and reported his findings to ExpressVPN as part of ongoing efforts to highlight critical data exposure threats.

Fowler used the hosting provider's abuse form to directly report the exposure after learning about it. The provider first claimed they did not host the IP address and that a subsidiary operated independently, which caused a delay in the response. Before the database was eventually suspended and made inaccessible to the general public, it took almost a month and several attempts.

Unsettlingly, there were more records between the first discovery and the last restriction, suggesting that data collection continued throughout the exposure period. Uncertainty regarding the database's purpose, duration of exposure, and potential access by third parties resulted from the hosting provider's refusal to identify the database's owner. According to a 2025 study, only 66% of American adults use antivirus software, despite security experts' advice to install it right away.

Users should use password managers with distinct login credentials for each service, enable two-factor authentication for all accounts, and keep an eye on login histories for attempts at unauthorized access. Updating operating systems, running malware scans, and checking browser extensions and app permissions should all be done right away by anyone who suspects a device infection. X, LinkedIn, and X for daily updates on cybersecurity.

To have your stories featured, get in touch with us.