A recent data breach is attracting widespread attention. Over 149 million login credentials for well-known online services have been publicly exposed on the internet. Affected services include email accounts, social networks, streaming services, and cloud platforms. This incident clearly demonstrates that a data breach doesn't necessarily have to result from a direct attack on large companies to have serious consequences.
At first glance, the incident appears to be a classic hacking attack on large tech companies. However, neither Google nor Meta, nor any other providers, were actually directly compromised. There was no intrusion into internal systems and no theft from company databases.
This data leak occurred through a different route. The published login credentials came from a massive collection gathered using so-called infostealer malware. According to a report by ExpressVPN, cybersecurity researcher Jeremiah Fowler discovered an unsecured online database containing approximately 96 gigabytes of raw data. This database contained exactly 149,404,754 unique combinations of usernames, passwords, and the corresponding services. Many records also included direct links to the respective platforms through which the login credentials were used.
The extent of the data leak
Which services are affected?
Analysis of the open database reveals the widespread nature of this data leak. It contained login credentials for virtually all known online services. The following services were particularly affected:
- Gmail: approximately 48 million login credentials
- Facebook: approximately 17 million
- Instagram: approx. 6.5 million
- Yahoo: approximately 4 million
- Netflix: approx. 3.4 million
- Outlook: approximately 1.5 million
- iCloud: approximately 900,000
- TikTok: approx. 780,000
- Binance: approximately 420,000
- OnlyFans: approximately 100,000
Additionally, logins to numerous other platforms such as HBO Max, Disney Plus, Roblox, X, and other services were found. These providers were highlighted because a large portion of the data was linked to accounts on these platforms.
Why this data leak is particularly problematic
With such a large amount of access data, other cybercriminals can carry out targeted further attacks. The widespread reuse of passwords is particularly critical in this regard.
Once login credentials for an account are known, they are automatically tested on other platforms. If the same password is used multiple times, a single compromised account can be enough to gain access to many other services.
Infostealer malware as the actual cause of the data leak
The source of this data leak is a specific type of malware known as an infostealer. Unlike traditional malware, it typically doesn't remain permanently on a system but instead focuses on collecting information. This includes, among other things:
- recording keyboard input
- Reading stored browser passwords
- Access to cookies, session data and autofill information
- the collection of personal and technical data
This information is then compiled and transmitted to the malware operators.
Storage of the stolen data
Cybercriminals also use cloud infrastructure. The stolen login credentials must be stored before they can be resold or used for further attacks. In this case, they ended up in an online database without password protection.
While companies can be held liable for such errors, no regulatory mechanisms apply to criminal actors. If such a database is discovered, other criminals can also use the data, for example for phishing, fraud, or further account takeovers.
The discovery of the open database
After discovering the database, Jeremiah Fowler initially tried to identify the operator. However, the database contained no information about a responsible person or organization.
He then reported the incident directly to the hosting provider via an online form. Only after several attempts to contact them and almost a month later was the database finally taken offline after the hosting service was suspended.
It remains unclear how long the database was publicly accessible. It is noteworthy that the number of records continued to increase during the period in which Fowler had access to it. This suggests that newly stolen credentials were continuously added until the database was shut down.
Which security measures are advisable after a major data breach
A data breach of this magnitude serves as a clear warning to many. Even without concrete evidence of personal involvement, reviewing security measures is advisable.
A key point remains the handling of passwords. Reusing the same password for multiple accounts significantly increases the risk. Once login credentials are compromised, they can be misused for further attacks.
Changing passwords is a first step. Password managers help create and manage secure and complex passwords. They reduce the risk of human error and eliminate the need for reusing passwords.
Where available, passkeys offer an alternative to traditional passwords. They are based on cryptographic methods and are considered more resistant to phishing and data theft.
Additionally, protection against malware plays an important role. Current antivirus solutions can detect many information stealers, but caution when opening attachments, links, and messages remains crucial.
Additionally, identity theft protection services can help detect suspicious activity early and provide support in serious cases. These services often include insurance coverage against financial losses.
Another important point is closing unused online accounts. Every additional account increases the attack surface. Fewer active accounts mean fewer potential entry points and less sensitive data that could be exposed in a future data breach.
Why indirect attacks are increasingly becoming the greatest threat
This recent data leak, with over 149 million login credentials exposed, demonstrates the growing threat posed by indirect attacks. Without directly hacking major platforms, vast amounts of sensitive information could be collected and made publicly available.
Whether further details about this database will emerge remains unclear. Regardless, the incident underscores the importance of responsible password management, effective security measures, and a limited number of active online accounts. Such a data leak is not an isolated incident, but a realistic scenario in modern cybercrime. (Image: Shutterstock / Pungu x)
- WhatsApp is testing a new group feature for chat histories
- Apple remains the industry benchmark in the Fortune 2026 ranking
- Apple Event for Creatives: Is the new MacBook Pro coming?
- Apple AI lawsuit: Judge rejects Musk's source code request
- Apple accuses the EU of political delaying tactics
- App Store: Significantly more advertising will be added starting in March 2026
- Apple Watch improves early detection of atrial fibrillation
- Apple significantly increased its lobbying spending in the US in 2025
- Apple under pressure: Investors demand transparency regarding China
- Apple TV and the 2026 Oscars: F1 becomes a beacon of hope
- Apple is enticing buyers in China with New Year's discounts
- ChatGPT Atlas: New update improves the AI browser
- Apple leads the Global 500 2026 as the most valuable brand
- Apple supplier Luxshare: Hackers steal product data
- Threads is introducing advertising worldwide – here's what's changing now
- Apple TV reveals release date for For All Mankind Season 5
- Apple responds to BOE problems and relies on Samsung
- Apple and tracking: France's landmark ruling
- iPad Pro & Air: Apple releases new firmware for Magic Keyboard
- Apple faces patent lawsuit over Eye Contact feature
- Apple faces a protracted dispute over fall detection
- iPhone 17 Pro: Tests dispel concerns about discoloration
- Apple clearly prevailed against market trend in China in 2025
- Firehound analyzes app store apps with serious data leaks
