At a Glance
- Nearly 150 million email and social media accounts may have been compromised.
- Database contains 149,404,754 unique logins, with 48 million Gmail accounts alone.
- Users face higher risk of fraud, phishing, and identity theft.
Why it matters: Millions of personal accounts could be used by cybercriminals, increasing the likelihood of financial loss and privacy breaches.
A recently uncovered database has exposed almost 150 million unique logins and passwords, spanning popular email providers and social media sites. The unprotected data, which includes Gmail, Yahoo, Outlook, Facebook, Instagram, TikTok, and more, could enable a wide range of cyberattacks. Cybersecurity researcher Jeremiah Fowler warned that the sheer scale of the breach signals a growing threat to everyday users.
The Size and Scope of the Leak
Fowler’s report details a database that was not password-protected or encrypted. The collection holds 149,404,754 unique logins and passwords for various email, social media, and streaming accounts.
Email Accounts
| Provider | Logins | Notes |
|---|---|---|
| Gmail | 48 million | Largest share of the breach |
| Yahoo | 4 million | |
| Outlook | 1.5 million | |
| iCloud | 900 000 | |
| .edu | 1.4 million |
Social Media and Streaming
| Platform | Logins |
|---|---|
| 17 million | |
| 6.5 million | |
| Netflix | 3.4 million |
| TikTok | 780 000 |
| Binance | 420 000 |
| OnlyFans | 100 000 |
The data set covers a broad spectrum of services, from mainstream email providers to niche financial platforms.
What Criminals Can Do With the Data
Fowler explained that criminals often set up databases like this one to prioritize speed and scale over security. The information logged-emails, usernames, passwords, and exact login URLs-provides a ready-made toolkit for a variety of attacks.
- Phishing campaigns that appear legitimate because they reference real accounts and services.
- Identity theft by using personal credentials to access financial or sensitive accounts.
- Fraudulent transactions through compromised banking or payment accounts.
He added that the database signals a trend: “credential theft has become a large-scale business that will only continue to be a threat.”
How Users Can Protect Themselves
Fowler recommends a multi-step approach to mitigate risk. The steps are designed to help users spot unauthorized activity and strengthen account security.
- Review login history, locations, devices, and failed attempts regularly.
- Update account security measures if suspicious activity is detected.
- Enable two-factor authentication (2FA) or biometric protections on all accounts.
- Use a password manager to generate and store strong, unique passwords.
- Install anti-virus software and keep operating systems and security tools up to date.
“As a general rule never reuse passwords across different sites, applications, or services,” Fowler wrote. “Taking these basic steps can help protect against or prevent an account compromise.”
The Bigger Picture
The sheer volume of compromised accounts highlights the ongoing evolution of cybercrime. While the database itself is already a threat, the potential for future attacks grows as more users become aware of the leak and attempt to change credentials.
The findings also underscore the importance of robust security practices for both individuals and service providers. Unencrypted databases, like the one Fowler discovered, represent a glaring vulnerability that can be exploited on a massive scale.
Takeaway
- Nearly 150 million accounts are now potentially vulnerable.
- The leak includes a wide range of services, from Gmail to OnlyFans.
- Users must actively monitor and strengthen their account security.
- Cybercriminals can use the data for phishing, identity theft, and fraud.
By following the recommended steps-regularly reviewing login activity, enabling 2FA, and using a password manager-users can reduce their exposure to these threats.
Never miss a story – sign up for News Of Los Angeles‘s free daily newsletter to stay up-to-date on the best of what News Of Los Angeles has to offer, from cybersecurity alerts to human interest stories.
