Gmail, Netflix, Social Media & More: 149M Credentials Exposed in Massive Data Leak

Gmail, Netflix, Social Media & More: 149M Credentials Exposed in Massive Data Leak

Kaelee Nelson, M.A. (Digital Humanities) | Data Analyst & Researcher
Kaelee Nelson, M.A. (Digital Humanities) | Data Analyst & Researcher Author
Updated on 3 min read

A substantial cache of login credentials—spanning over 149 million unique usernames and passwords—was recently discovered in a publicly accessible cloud database. The credentials, which reportedly amount to 96 GB of raw data, include accounts from popular dating apps, social media platforms, banking sites, and even government domains.

While the origins of the breach remain uncertain, experts caution that the exposed information highlights ongoing threats associated with credential-stealing malware.

Key Takeaways

  • Over 149 million usernames and passwords were found in a single cloud database, including accounts from social media, financial services, and government domains.
  • The database contained 96 GB of exposed credential data, accessible to anyone who found the repository before it was suspended.
  • Affected platforms include Gmail, Facebook, Instagram, and others.
  • The breach is linked to infostealing malware, with no confirmed owner of the leaked data.
  • It is unclear how long the database was available on the dark web before it was taken down.
  • Risks include potential identity fraud, phishing, and account takeovers across multiple services.

How it happened

This data breach did not result from a single company hack or technical malfunction. Instead, cybersecurity researchers found a cloud database filled with stolen credentials, likely harvested over time by malicious actors using infostealing malware.

These programs infect computers and mobile devices—often through risky downloads, phishing emails, or software vulnerabilities—then silently collect usernames, passwords, and other private information as people log into their accounts.

Once harvested, this data was stored in a cloud repository accessible to anyone who found it on the dark web. The database lacked basic security protections and had no information about its owner. Despite being reported to the hosting provider, it took nearly a month and multiple attempts before the exposed data was finally removed.

During that window, the number of available records continued to grow, suggesting ongoing collection or aggregation from infected devices worldwide.

What information was exposed

  • Email addresses and usernames
  • Passwords (for a wide range of platforms)
  • Login URLs for associated accounts
  • In some cases, credit card or banking login data
  • Government (.gov) and educational (.edu) account credentials
  • Social media accounts (Facebook, Instagram, TikTok, and others)
  • Entertainment and financial service accounts (Netflix, OnlyFans, trading accounts, cryptocurrency wallets)
  • Estimated scale: 149 million unique logins, including
    • Gmail (48M)
    • Facebook (17M)
    • Instagram (6.5M)
    • and more

Why this matters

The exposure of such a vast and varied set of login credentials matters for anyone who relies on online services for communication, entertainment, finance, or work. When credentials are leaked at this scale, individuals and families could face risks such as identity theft, financial fraud, unauthorized access to sensitive platforms, and tailored phishing attacks.

Even government-linked accounts from multiple countries were among those compromised, raising concerns about public sector impersonation or broader impacts on security. For everyday users, this means that attackers may attempt to use stolen credentials to access not only primary accounts but also connected services, increasing the potential for personal or financial harm.

What to do now

  • Reset passwords for any affected accounts, especially those using the same credentials across multiple platforms.
  • Use unique, strong passwords for each account and consider a password manager.
  • Enable multi-factor authentication wherever possible.
  • Monitor financial statements and account activity for signs of unauthorized access.
  • Be wary of phishing emails or unexpected login notifications.
  • If you have government or educational accounts, alert your institution’s IT/security team.
  • For financial or banking accounts, consider contacting your bank and monitoring for suspicious activity.
  • If you suspect your personal photos or images may be affected, perform a reverse image search to see if they appear elsewhere.
  • Report identity theft to the FTC at ReportFraud.ftc.gov

Stay secure with OmniWatch

OmniWatch helps protect your online identity with continuous monitoring and real-time alerts if your credentials appear in known data leaks. Our platform empowers you to respond quickly to threats and reduce your risk of identity fraud.

Sources

https://www.securitymagazine.com/articles/102095-149m-credentials-exposed-facebook-instagram-government-and-more-included