+ +

149 Million Usernames and Passwords Exposed by Unsecured Database

+ +

Updated: January 24, 2026
+ Category: Cybersecurity, Data Breach, Breaking News

+ + +

+ A massive unsecured database exposing 149 million usernames and passwords + has been discovered online, leaving login credentials for some of the world’s most popular + services openly accessible on the internet. +

+ +

+ Security researchers say the database required no password, authentication, or encryption, + making it accessible to anyone who found it. The dataset appears to contain credentials + harvested from prior breaches and malware-based attacks, raising immediate concerns about + account takeovers, fraud, and identity theft. +

+ +

What Was Exposed

+ +

+ According to published reports, the exposed database contained login credentials associated + with a wide range of online platforms, including: +

+ +

48 million Gmail accounts
17 million Facebook accounts
6.5 million Instagram accounts
4 million Yahoo accounts
3.4 million Netflix credentials
1.5 million Microsoft Outlook accounts
900,000 Apple iCloud logins
780,000 TikTok accounts
420,000 Binance cryptocurrency accounts
100,000 OnlyFans accounts

+ +

+ The dataset reportedly totaled approximately 96GB and was structured to associate + usernames and passwords with specific services. Initial reporting by + WIRED, + along with confirmation from + Tom’s Guide + and + TechRepublic, + outlined the scope of the exposure. +

+ +

How the Data Was Collected

+ +

+ Security researchers believe the database was not the result of a direct breach + at any single company. Instead, the credentials appear to have been collected over time + using infostealer malware — malicious software that extracts login data from infected + devices by scraping browsers and capturing keystrokes. +

+ +

+ Once aggregated, the credentials were stored in a centralized database that was left + publicly exposed. The hosting provider reportedly took the database offline after being + notified, though it remains unclear how long the data was accessible. +

+ +

Why This Matters

+ +

+ Credential databases of this size are frequently exploited for: +

+ +

Credential stuffing attacks
Account takeovers
Identity theft
Financial and cryptocurrency fraud
Targeted phishing campaigns

+ +

+ Because many users reuse passwords across multiple services, a single exposure can lead to + widespread secondary compromises affecting email, banking, cloud platforms, + and corporate systems. +

+ +

Are You Affected?

+ +

+ There is currently no official list of affected users or platforms. However, security + experts advise anyone who has reused passwords at any point to assume potential exposure. +

+ +

+ Users are urged to: +

+ +

Change reused passwords immediately
Secure email accounts first
Enable multi-factor authentication (MFA)
Monitor accounts for suspicious activity

+ +

A Growing Pattern of Exposure

+ +

+ This incident underscores an ongoing cybersecurity issue: misconfigured cloud databases + left exposed to the public internet. Despite repeated warnings from security agencies, + unsecured storage remains one of the leading causes of large-scale credential leaks. +

+ +

+ Reporting from + + The Economic Times + + notes that once data is exposed, it is often copied and redistributed — + even after the original source is secured. +

+ +

Breaking Updates

+ +

+ This is a developing story. Additional information may emerge regarding how long the + database was exposed and whether the data was accessed by malicious actors before being + taken offline. +

+ +

Bookmark this page for updates.

+ +