Back

Headline: Exposed Database With 149 Million Credentials Taken Offline

lite News Desk 2 min read

At a glance

  • 149 million usernames and passwords were found in an open database
  • 48 million Gmail and 17 million Facebook account credentials included
  • The database was removed after being reported by a cybersecurity researcher

A large unprotected database containing millions of user credentials was discovered and subsequently removed after being reported to the hosting provider. The incident involved a wide range of online services and highlights the scale of exposed personal data.

Cybersecurity researcher Jeremiah Fowler identified the database, which was accessible to the public and searchable through a web browser. The database remained online for nearly a month before it was taken down by the hosting provider following the report.

The database contained approximately 149 million unique usernames and passwords. It included login information for various platforms, with a notable concentration of Gmail and Facebook accounts among the exposed data.

In addition to Gmail and Facebook, the dataset featured credentials for services such as Yahoo, Outlook, iCloud, academic email domains, TikTok, OnlyFans, Netflix, and Binance. The data was not encrypted and continued to expand during the period it was left online.

What the numbers show

  • 149 million unique usernames and passwords were exposed
  • 48 million Gmail account credentials were included
  • 17 million Facebook account credentials were present

The exposed credentials were compiled from various sources and appeared to have been collected using infostealer malware. According to the researcher, the malware harvested login details from infected devices through methods such as keylogging.

The database’s accessibility allowed anyone with a web browser to search for account information. Over the course of a month, the number of records in the database increased before its removal.

The incident involved a range of online platforms, affecting both personal and institutional accounts. The presence of academic and financial service credentials highlights the broad scope of the breach.

After the discovery, the hosting provider acted on the report from the cybersecurity researcher and took the database offline. The takedown ended public access to the exposed credentials, but the duration of exposure raised concerns about the potential misuse of the information.

* This article is based on publicly available information at the time of writing.

Sources and further reading

Related Articles

  1. In December 2025, Trump disclosed bond purchases worth up to $2 million in Netflix and Warner Bros. Discovery, according to reports.

  2. Millions of UK taxpayers are urged to verify their tax codes, as errors can lead to unexpected bills or refunds, according to financial experts.

  3. Maui's recovery from the Lahaina wildfires shows progress, with 64 homes rebuilt and 2.5 million visitors welcomed in 2025, according to reports.

  4. Moltbook, launched in January 2026, has over 1.5 million registered AI agents. Users can observe AI interactions, according to reports.

  5. A single-seat ultralight eVTOL aircraft was unveiled with a launch price of $39,900 and a $5,000 deposit, according to reports.

More on Technology

  1. A statement outlines plans for a $1 billion factory in Mississippi, expected to create over 1,500 jobs by 2028, according to reports.

  2. A seven-foot bronze figure was unveiled at a golf club in Florida, according to reports. The installation is named the Defiance Monument.

  3. Jonathan Nolan emphasizes AI's role in research for filmmaking but opposes its use in scriptwriting, advocating for watermarks on AI content.