Massive Leak Exposes 149 Million Stolen Passwords, Including 48 Million Gmail Accounts
WASHINGTON, D.C. — A staggering cache of 149 million stolen usernames and passwords was discovered publicly exposed online, raising urgent concerns about digital security for millions of users. The database, found by cybersecurity researcher Jeremiah Fowler, contained approximately 96 gigabytes of raw credential data, including email addresses, passwords, usernames, and direct login URLs for accounts across a variety of popular services. Alarmingly, the data was neither password-protected nor encrypted, making it accessible to anyone who stumbled upon it.
Among the most affected were Gmail accounts, with an estimated 48 million credentials compromised, followed by 17 million Facebook accounts and 6.5 million Instagram profiles. Other notable platforms impacted include Yahoo Mail with 4 million accounts, Netflix with 3.4 million, Outlook at 1.5 million, and approximately 900,000 iCloud Mail accounts. The breach also included roughly 1.4 million .edu email accounts, highlighting the wide-ranging nature of the exposure.
Fowler emphasized that this was not the result of a new breach targeting Google, Meta, or other companies directly. Instead, the database appears to be a compilation of credentials aggregated over time from previous breaches and malware infections. Some records even showed evidence of info-stealing malware, which silently captures credentials from infected devices. Despite not being a fresh hack, the risk to users remains significant, as these credentials could be used for unauthorized access or further cyberattacks.
Experts urge users to immediately review their account security practices. The Cybersecurity and Infrastructure Security Agency recommends changing passwords regularly, enabling multi-factor authentication, and monitoring accounts for suspicious activity. Additionally, the Have I Been Pwned service allows individuals to check whether their email addresses have appeared in known data breaches.
The Federal Trade Commission also advises users to be vigilant against phishing attempts and to use unique, strong passwords for different accounts. Utilizing password managers can help generate and store complex passwords securely, reducing the risk of credential reuse.
This incident underscores the ongoing challenges in protecting personal information in an increasingly digital world. The Federal Bureau of Investigation’s Cyber Division continues to investigate such leaks and encourages the public to report any suspicious cyber activity.
As the digital landscape evolves, users must remain proactive in safeguarding their online identities. With millions of credentials exposed, the fallout from this massive leak serves as a stark reminder of the importance of cybersecurity vigilance.
Leave a Reply