A significant volume of streaming and entertainment service logins was also found, including Netflix, HBO Max, Disney+, Roblox and other platforms.

A massive database containing 149 million usernames and passwords has been discovered online without any password protection or encryption, exposing logins linked to financial services and popular platforms including Facebook, Instagram, Gmail, Netflix and Binance. The leak, first reported by WIRED, involved nearly 98GB of raw credential data, raising fresh concerns over widespread lapses in data security.
Veteran cybersecurity researcher Jeremiah Fowler, who uncovered the exposed database, confirmed that it contained 149,404,754 unique logins and passwords, including credentials linked to an estimated 48 million Gmail accounts.
Also read: Can you finally change your Gmail address? Google says yes
“The publicly exposed database was not password-protected or encrypted,” Fowler said, adding that the collection totalled “a massive 96 GB of raw credential data.” He noted that the database included thousands of files listing emails, usernames, passwords, and associated login URLs.
The exposed dataset contained usernames and passwords harvested from victims worldwide, covering virtually every type of online account in common use. The records included credentials for major social media platforms such as Facebook, Instagram, TikTok and X (formerly Twitter), along with dating apps and OnlyFans accounts, revealing login details of both creators and subscribers.
Also read: Revolutionising your inbox: Gmail integrates advanced Gemini AI capabilities
A significant volume of streaming and entertainment service logins was also found, including Netflix, HBO Max, Disney+, Roblox and other platforms. In addition, the database contained sensitive financial information, featuring credentials for banking and credit card accounts, crypto wallets, trading platforms and other financial services, based on samples reviewed from the leaked records.
Fowler estimated the scale of affected services as follows:
- Gmail – 48 million
- Facebook – 17 million
- Instagram – 6.5 million
- Yahoo – 4 million
- Netflix – 3.4 million
- Outlook – 1.5 million
Last year, Google dismissed a report claiming that over 183 million Gmail accounts were hacked. The controversy started when cybersecurity expert Troy Hunt, founder of the breach-notification site Have I Been Pwned, flagged a 3.5-terabyte database containing email credentials from multiple platforms, including Gmail, Outlook, Yahoo, and others.
Google confirmed that the leaked credentials came from past breaches collected through infostealer activity and were not the result of a targeted attack on Gmail. The company stated that its security systems are strong and continue to protect users.
Published: 24 Jan 2026, 08:15 pm IST
Get Latest Mathrubhumi Updates in English
Disclaimer: Kindly avoid objectionable, derogatory, unlawful and lewd comments, while responding to reports. Such comments are punishable under cyber laws. Please keep away from personal attacks. The opinions expressed here are the personal opinions of readers and not that of Mathrubhumi.

