Urgent warning to Gmail users as 149 million usernames and passwords are exposed: Take action NOW
Tens of millions of online login credentials were compromised in a massive data leak, leaving Gmail users at the highest risk.
This disclosure was uncovered by cybersecurity researcher Jeremiah Fowler, revealing a database of 149 million compromised credentials.
“I saw thousands of files containing emails, usernames, passwords, and login or authorization URL links for accounts,” Fowler shared in the report.
The largest portion of stolen credentials came from Gmail with an estimated 48 million, followed by Facebook with 17 million, 6.5 million were linked to Instagram, 4 million were from Yahoo Mail, Netflix credentials totaled approximately 3.4 million, and there were 1.5 million from Outlook.
Other notable logins were linked to iCoud, .edu, TikTok, OnlyFans, and Binance.
“The exposed records included usernames and passwords collected from victims around the world, covering a wide range of commonly used online services and every conceivable account type,” Fowler shared in a blog post.
The database has been publicly exposed online, meaning anyone who stumbles upon it will have access to the personally identifiable information of millions of people around the world.
Fowler noted that anyone who suspects their device is infected with malware should act quickly by updating the operating system, installing or updating security software, and scanning for suspicious or malicious activity.
Users should also review app permissions, settings, and installed programs and only download apps or extensions from official app stores, he added.
The exposed dataset contained 149 million login information, most of which belonged to Gmail users.
A Google spokesperson told the Daily Mail: ‘We are aware of reports of a dataset containing a wide range of personally identifiable information, including some from Gmail.
‘This data represents a compilation of ‘spoof’ logs, credentials collected from personal devices by third-party malware and aggregated over time.
‘We constantly monitor for such external activity and have automated protections in place that lock accounts and require passwords to be reset when we detect that credentials have been compromised.’
They also noted that this was not a new breach, but that the database pulled existing compromised credentials into one place.
Fowler said he sees various social media platforms as well as dating sites in the data leak.
“I also saw a multitude of streaming and entertainment accounts, including Netflix, HBOmax, DisneyPlus, Roblox, and more,” he said. report.
‘The limited sample of records I reviewed also revealed financial services accounts, crypto wallets or trading accounts, and banking and credit card login information.’
The cybersecurity expert was unable to find the owner of the database, but after a month of work, he managed to suspend the host, taking all credentials offline.
Join the discussion
After so many data leaks, how safe do you feel trusting your personal information to big tech?
The largest portion of stolen credentials was from Gmail, with an estimated 48 million credentials.
“It is unknown how long the database was exposed before I discovered it and reported it, or others may have gained access to it,” Fowler said.
‘A disturbing fact is that from the moment I discovered the database the number of records increased until it was restricted and no longer accessible.’
The database was revealed to contain information collected by keylogging and ‘sphishing’ malware, which is software that secretly steals usernames and passwords from infected devices.
Unlike similar malware data seen before, this database also recorded extra details about where the stolen information came from. He organized the data using reverse computer or website name, which helped properly sort the stolen credentials by victim and source.
This format may also have been used to evade simple security checks that look for regular website addresses.
Each stolen entry was given a unique digital identifier, ensuring no recordings were copied. A limited review confirmed that each record appeared only once.
“Because the data includes emails, usernames, passwords, and full login URLs, criminals can potentially automate credential stuffing attacks against exposed accounts, including email, financial services, social networks, enterprise systems, and more,” Fowler said.
‘This significantly increases the likelihood of fraud, potential identity theft, financial crimes and phishing campaigns that may appear legitimate because they refer to real accounts and services.’
