Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
149 Million Accounts Exposed: The Database No One Should Have Seen

26 January 2026 19:39

A recent leak revealed 149 million logins and passwords exposed online, including accounts for financial services, social media, gaming, and dating sites. The discovery was made by researcher Jeremiah Fowler and shared with ExpressVPN. The amount of data was staggering: over 96 GB of unprotected and unencrypted information, easily accessible to anyone.

The database contained emails, usernames, passwords, and direct login links. This isn’t an isolated case: infostealer malware continues to harvest credentials from around the world. This case demonstrates that cybercriminals can also become victims of leaks, especially when data is stored in public cloud repositories.

Types of accounts involved

The accounts affected were extremely diverse, ranging from social networks like Facebook, Instagram, TikTok, and X, to dating sites and platforms like OnlyFans, to streaming accounts like Netflix, DisneyPlus, and Roblox.

Financial accounts, crypto wallets, bank accounts, and credit cards were all exposed. Even credentials linked to government domains were exposed, posing risks to national security and individual privacy.

The data exposure potentially enabled credential stuffing attacks, where malicious actors automate access to stolen accounts. This increases the likelihood of fraud, identity theft, financial crimes, and extremely realistic phishing campaigns.

What are Infostealers?

Email accounts are typically accessed via a username and password. We know that this username and password must be carefully stored and protected from prying eyes, both when MFA is enabled and, especially, when it is disabled or unusable.

These username and password pairs must also be protected from infostealers. An infostealer, or information stealer, is a type of malware that is installed on a workstation, steals all the information a user types on the keyboard, and sends it to a remote server controlled by an attacker.

Bank logins, email logins, and logins to any account or user profile, such as Netflix, Disney Plus, Instagram, or Facebook, are constantly sent to the “botmaster.” The botmaster is a malicious individual who controls the botnet of infected computers and sells this information on underground forums, sometimes creating APIs to interface with various marketplaces and sometimes (for larger botnets) even with cyber threat intelligence (CTI) tools called “dark feeds.”

How an infostealer botnet works

Getting infected with an infostealer is very simple: for example, by downloading an infected file (such as a software activation keygen) or non-genuine software, or by clicking on an infected attachment.

At Red Hot Cyber, we’ve often highlighted the phenomenon of botnets and the data this malware collects from individual devices. This information is then resold on underground markets and is often the starting point for attacks on computer systems, providing access credentials or valuable information to cybercriminals.

How the database was structured

The database held data collected by keylogging and infostealer malware, along with additional information such as the reversed hostname, which was useful for indexing victims. Each record was unique and organized to avoid duplication. Accessing the data was simple: all it took was a browser to view the entire content.
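Why a reversed hostname works as an index key, as an added example (not code from the article or from the exposed database): reversing the labels makes every host under one domain share a prefix, so a defender handed such a dataset can list the unique accounts under a domain they own. The record layout, function names and sample rows are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample records (login URL, username, password); not leak data.
SAMPLE = [
    ("https://login.example.com/signin", "alice@example.com", "Summer2025!"),
    ("https://login.example.com/signin", "alice@example.com", "Summer2025!"),
    ("https://mail.example.com/", "bob@example.com", "hunter2"),
    ("https://accounts.example.org/login", "carol", "pa55word"),
    ("https://evil-example.com/", "dave", "x"),   # look-alike, different domain
    ("not a url", "erin", "y"),                   # malformed row
]


def reversed_host(url):
    """login.example.com -> com.example.login; None if no usable host."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    if not host or "." not in host:
        return None
    return ".".join(reversed(host.lower().rstrip(".").split(".")))


def exposure_for(records, monitored_domain):
    """Unique (reversed host, username) pairs under monitored_domain.

    Matching is done on label boundaries, so example.com does not match
    evil-example.com. Passwords are dropped: triage only needs to know
    which accounts must be reset.
    """
    prefix = reversed_host("//" + monitored_domain)
    hits = set()
    for url, user, _password in records:
        key = reversed_host(url)
        if key and (key == prefix or key.startswith(prefix + ".")):
            hits.add((key, user))          # set membership removes duplicates
    return sorted(hits)                    # sorting clusters subdomains together


if __name__ == "__main__":
    for key, user in exposure_for(SAMPLE, "example.com"):
        print(key, user)
```
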

Defending yourself from risks

Protecting yourself is complex but possible. Using up-to-date antivirus software is essential, as is reviewing apps, permissions, and running processes on devices. Encrypted password managers can reduce some risks, although they aren’t a complete solution against advanced malware. Regular operating system and security software updates remain essential.

Businesses and individuals should be aware that malware, malicious attachments, fake updates, and compromised browser extensions can quickly compromise credentials. Prevention also involves digital education and constant vigilance over one’s online information.

Jeremiah Fowler’s discovery and subsequent reporting to the provider led to the suspension of database hosting after several weeks. However, the potential damage remains high, considering that millions of credentials remained accessible for an extended period.

The incident highlights how fragile data security is and how essential it is to constantly monitor and protect your digital information. Password management and cybersecurity are no longer optional, but a daily necessity.

The figures show that among the most affected accounts are Gmail with 48 million logins, Facebook with 17 million, Instagram with 6.5 million, and Netflix with 3.4 million. These numbers demonstrate how vulnerable even the most popular and widespread services are.

To reduce exposure, it’s recommended to adopt two-factor authentication, periodically check for suspicious activity, and use reliable credential management tools. Digital security depends as much on user habits as it does on the robustness of services.

Massimiliano Brolli
Responsible for the RED Team of a large Telecommunications company and 4G/5G cyber security labs. He has held managerial positions ranging from ICT Risk Management to software engineering to teaching in university master's programs.
Areas of Expertise: Bug Hunting, Red Team, Cyber Intelligence & Threat Analysis, Disclosure, Cyber Warfare and Geopolitics, Ethical Hacking