Massive Leak of 149 Million Usernames and Passwords Found Online

A huge database containing 149 million usernames and passwords was discovered openly on the internet, exposing login details for many popular services, researchers say. This massive credential leak has raised serious concerns about online security and personal data protection.


What Was Exposed?

The unsecured database included login information for users worldwide. Some of the biggest services affected were:

  • 48 million Gmail accounts

  • 17 million Facebook accounts

  • Millions of accounts for Yahoo, Outlook, and Apple iCloud

  • Streaming and entertainment platforms like Netflix and TikTok

  • Social and adult sites like OnlyFans

  • About 420,000 Binance cryptocurrency accounts

  • Logins tied to government systems, banking, and credit card services

The database could be accessed without a password or encryption and was searchable through a regular web browser, making the leak extremely dangerous for affected users.


How Was the Data Collected?

Security researcher Jeremiah Fowler found the exposed database and contacted the hosting provider to report it. While the owner of the data is not known, researchers believe the credentials were gathered by malware that infects devices and quietly records anything users type, including usernames and passwords, before sending it to a central server. This type of malware is often called an infostealer.


Why This Is Dangerous

Because the data includes usernames and passwords from so many different services, cybercriminals could misuse this information in many ways, such as:

  • Trying the same login on other sites to hijack accounts (known as credential stuffing)

  • Sending targeted phishing emails to trick users

  • Stealing identities or accessing financial accounts

Experts warn that using the same password on multiple sites makes things even riskier.


What Has Been Done So Far

After being informed, the hosting provider removed the unsecured database for violating its service terms. However, while it was online, the database continued to grow as more credentials were added over time.


What Users Should Do Now

Security experts recommend that anyone who uses online services should:

  1. Change their passwords immediately, especially for email, banking, and social accounts.

  2. Avoid using the same password on multiple sites.

  3. Enable two-factor authentication (2FA) wherever possible. This adds an extra layer of security beyond just a password.

  4. Use strong, unique passwords and consider a password manager to keep track of them.

  5. Be alert to suspicious emails or logins that could be phishing attempts. 
