In a significant cybersecurity breach, tens of millions of online login details have been exposed, with Gmail users being particularly vulnerable. This alarming discovery was made by cybersecurity expert Jeremiah Fowler, who identified a database containing a staggering 149 million compromised credentials.

Fowler reported finding thousands of files that revealed sensitive information, including emails, usernames, passwords, and even the URLs linked to account logins or authorizations. This breach paints a concerning picture of the scale at which personal data is being mishandled and exposed.

The largest portion of these compromised credentials affected Gmail users, with approximately 48 million accounts at risk. Following this were Facebook accounts, with 17 million compromised, and Instagram, with 6.5 million accounts affected. Yahoo Mail users saw around four million credentials exposed, while Netflix users faced a risk to about 3.4 million accounts. Additionally, Outlook users had 1.5 million compromised accounts.

Beyond these major platforms, the breach also included login information for other notable services such as iCloud, educational (.edu) domains, TikTok, OnlyFans, and the cryptocurrency exchange Binance. This extensive exposure serves as a stark reminder of the importance of cybersecurity and the constant threat of data breaches in the digital age.

Other notable login information was linked to iCoud, .edu, TikTok, OnlyFans and Binance. 

‘The exposed records included usernames and passwords collected from victims around the world, spanning a wide range of commonly used online services and about any type of account imaginable,’ Fowler shared in a blog post.

The database was left openly exposed online, meaning anyone who came across it could access the credentials of millions of people worldwide. 

Fowler noted that anyone who suspects their device may be infected with malware should act quickly by updating their operating system, installing or updating security software, and scanning for suspicious or malicious activity. 

Users should also review app permissions, settings and installed programs, and only download apps or extensions from official app stores, he added.

The exposed data set included 149 million login credentials, with the most belonging to Gmail users

Daily Mail has contacted Google for comment. 

A spokesperson told Forbes: ‘We are aware of reports regarding a dataset containing a wide range of credentials, including some from Gmail. 

‘This data represents a compilation of ‘infostealer’ logs, credentials harvested from personal devices by third-party malware, that have been aggregated over time. 

‘We continuously monitor for this type of external activity and have automated protections in place that lock accounts and force password resets when we identify exposed credentials.’ 

Fowler said he saw a range of social media platforms in the data leak, along with dating sites.

‘I also saw a large number of streaming and entertainment accounts, including Netflix, HBOmax, DisneyPlus, Roblox, and more,’ he shared in the report.

‘Financial services accounts, crypto wallets or trading accounts, banking and credit card logins also appeared in the limited sample of records I reviewed.’  

The cybersecurity expert was unable to track down the owner of the database, but was able to suspend the host after one month of work, taking all the credentials offline. 

The largest batch of stolen credentials was from Gmail, with an estimated 48 million 

‘It is not known how long the database was exposed before I discovered and reported it or others may have gained access to it,’ said Fowler.

‘One disturbing fact is that the number of records increased from the time I discovered the database until it was restricted and no longer available.’ 

The database appeared to contain information collected by keylogging and ‘infostealer’ malware, which is software that secretly steals usernames and passwords from infected devices.

Unlike similar malware data seen before, this database also recorded extra details about where the stolen information came from. It organized the data using a reverse computer or website name, which helped neatly sort the stolen credentials by victim and source.

This format may also have been used to avoid simple security checks that look for normal website addresses.

Each stolen entry was given a unique digital identifier, making sure no records were duplicated. A limited review confirmed that each record appeared only once.

‘Because the data includes emails, usernames, passwords, and the exact login URLs, criminals could potentially automate credential-stuffing attacks against exposed accounts, including email, financial services, social networks, enterprise systems, and more,’ Fowler said.

‘This dramatically increases the likelihood of fraud, potential identity theft, financial crimes, and phishing campaigns that could appear legitimate because they reference real accounts and services.’