Massive data breach alert: A massive data leak has exposed 149 million usernames and passwords after an unprotected database was discovered online, according to a report by WIRED. The 98GB collection of credentials includes logins linked to financial services as well as popular platforms such as Facebook, Instagram, Gmail, Netflix, and the cryptocurrency exchange Binance, potentially putting millions of users at risk. The incident highlights serious lapses in data security and raises questions about how such a vast amount of sensitive information was left publicly accessible.
149 million accounts exposed
Cybersecurity researcher Jeremiah Fowler, who uncovered the database and detailed his findings in a report, said it contained 149,404,754 unique login and password combinations. Gmail accounts made up the largest portion, with around 48 million credentials affected, followed by Facebook with 17 million.
Add Zee News as a Preferred Source
Instagram accounted for approximately 6.5 million compromised logins, while Yahoo had about 4 million, Netflix 3.4 million, and Outlook roughly 1.5 million.Moreover, the database also included around 4 million Yahoo accounts, 1.5 million Microsoft Outlook accounts, 900,000 Apple iCloud accounts, and 1.4 million .edu accounts from academic and institutional users.
Leaked database taken offline
Around 420,000 credentials were linked to Binance. Although the database has now been taken offline, it reportedly took more than a month for it to be removed. However, the Security analyst Jeremiah Fowler said he could not identify who owned or controlled the exposed database. He then contacted the hosting service, which eventually removed the data for violating its terms of service.
While examining the records, Fowler found email and social media logins along with credentials linked to government systems in several countries. The database also included consumer banking, credit card details and accounts from media streaming platforms. Fowler believes the data was likely collected using infostealing malware. (Also Read: Redmi Note 15 Pro series India launch date confirmed for January 29; check expected display, camera, battery, AI features, price, and other specs)
Malware harvested millions of logins
This type of malware infects devices and records information typed by users, often through keylogging. He added that during the nearly one month it took to reach the hosting provider, the database continued to grow with new logins from multiple services. Fowler did not name the hosting company, saying it is a global provider that works through regional partners. One of these partners hosted the database in Canada.
How to prevent data breaches involving usernames and passwords
Pointer 1: Use strong, unique passwords for every account and avoid reusing the same credentials across multiple platforms.
Pointer 2: Enable two-factor authentication (2FA) wherever possible to add an extra layer of security beyond passwords.
Pointer 3: Keep software and devices updated to protect against known vulnerabilities exploited by malware and hackers.
Pointer 4: Avoid clicking on suspicious links or downloads, as infostealing malware often spreads through phishing emails and fake websites.
Pointer 5: Regularly monitor accounts for unusual activity and change passwords immediately if a breach or leak is suspected.
