A huge database containing 149 million usernames and passwords from across the internet has been taken offline after a security researcher flagged it to the company hosting it. The exposed data included login details linked to major services such as Gmail, Facebook, and the cryptocurrency platform Binance, according to a report by WIRED.
The database was discovered by Jeremiah Fowler, a longtime security analyst who regularly tracks exposed data online. Fowler said he could not identify who owned or controlled the database. After confirming that it was publicly accessible, he contacted the hosting provider, which eventually removed the data for violating its terms of service.
The scale of the exposure was massive. Along with 48 million Gmail logins, the database reportedly contained 17 million Facebook credentials and around 420,000 logins linked to Binance. There were also millions of usernames and passwords tied to other services, including Yahoo, Microsoft Outlook, Apple iCloud, Netflix, TikTok, and even academic and government systems from multiple countries. Some entries also appeared to include banking and credit card login details.
What made the database particularly concerning was how easy it was to access. Fowler said the information could be viewed and searched using nothing more than a regular web browser. There were no passwords or protections blocking access to the data.
Fowler believes the database was likely created using “infostealer” malware. This type of malicious software infects computers and quietly records what people type, including usernames and passwords, using methods like keystroke tracking. The stolen information is then sent back to whoever controls the malware.
While Fowler was trying to get the database taken down — a process that took nearly a month — the data kept growing. New login details continued to appear, suggesting the system was still actively collecting information. The database also appeared to automatically sort and label each set of credentials, making it easier to search and manage large amounts of stolen data.
Although Fowler did not determine who was using the information or for what purpose, he said the structure of the database suggested it could be used to sell specific sets of login details to cybercriminals running different kinds of scams.
Security experts say this incident highlights a growing problem. As more data is stolen and stored online without protection, the risk to users keeps increasing. Recorded Future analyst Allan Liska said infostealer malware has made cybercrime easier than ever, allowing criminals to collect huge volumes of data at a relatively low cost.
For everyday users, the incident is another reminder of why strong, unique passwords and two-factor authentication are more important than ever.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
