Massive Gmail Credential Leak Exposes 48 Million Logins from Infostealer Malware
A recent discovery has revealed a massive exposure of stolen credentials, including an estimated 48 million Gmail logins, compiled from infostealer malware targeting victims worldwide. Security researcher Jeremiah Fowler uncovered an unsecured database containing 149 million usernames and passwords for various platforms, with Gmail accounts making up a significant portion of the breach.
The dataset consists of credentials harvested by third-party malware over time, which cybercriminals then aggregated. While Google confirmed awareness of the reports, the company clarified that the breach was not a result of a direct attack on its systems. Instead, the exposed data originated from personal devices infected with infostealer malware, which captures login details and other sensitive information.
Google stated that it monitors for such external threats and has automated protections in place, including account locks and forced password resets when compromised credentials are detected. The incident highlights the ongoing risk of malware-driven credential theft, where attackers exploit infected devices to amass login data before selling or leaking it online.
The exposed database was discovered on January 24, 2026, underscoring the persistent threat of large-scale credential leaks in cybercrime operations. While Google has not disclosed the exact number of affected Gmail users, the scale of the leak reinforces the need for multi-layered security measures beyond password protection.
Google TPRM report: https://www.rankiteo.com/company/google
"id": "goo1769272069",
"linkid": "google",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '48 million Gmail users '
'(estimated)',
'industry': 'Technology/Email Services',
'location': 'Global',
'name': 'Google (Gmail)',
'size': 'Large',
'type': 'Technology Company'}],
'attack_vector': 'Infostealer Malware',
'data_breach': {'data_exfiltration': 'Yes (harvested by malware and '
'aggregated by cybercriminals)',
'number_of_records_exposed': '149 million',
'personally_identifiable_information': 'Yes (login '
'credentials)',
'sensitivity_of_data': 'High (login credentials)',
'type_of_data_compromised': 'Usernames and passwords'},
'date_detected': '2026-01-24',
'description': 'A recent discovery has revealed a massive exposure of stolen '
'credentials, including an estimated 48 million Gmail logins, '
'compiled from infostealer malware targeting victims '
'worldwide. Security researcher Jeremiah Fowler uncovered an '
'unsecured database containing 149 million usernames and '
'passwords for various platforms, with Gmail accounts making '
'up a significant portion of the breach. The dataset consists '
'of credentials harvested by third-party malware over time, '
'which cybercriminals then aggregated. Google confirmed '
'awareness of the reports but clarified that the breach was '
'not a result of a direct attack on its systems. Instead, the '
'exposed data originated from personal devices infected with '
'infostealer malware, which captures login details and other '
'sensitive information.',
'impact': {'brand_reputation_impact': "Potential impact on Google's "
'reputation due to large-scale '
'credential exposure',
'data_compromised': '149 million usernames and passwords (48 '
'million Gmail logins)',
'identity_theft_risk': 'High',
'systems_affected': 'Personal devices of victims'},
'initial_access_broker': {'data_sold_on_dark_web': 'Likely (aggregated by '
'cybercriminals)',
'entry_point': 'Personal devices infected with '
'infostealer malware'},
'lessons_learned': 'Highlights the ongoing risk of malware-driven credential '
'theft and the need for multi-layered security measures '
'beyond password protection.',
'motivation': 'Data Harvesting for Cybercrime Operations',
'post_incident_analysis': {'corrective_actions': 'Enhanced monitoring and '
'automated protections for '
'compromised accounts',
'root_causes': 'Infostealer malware on personal '
'devices capturing login '
'credentials'},
'recommendations': 'Implement multi-factor authentication, monitor for '
'compromised credentials, and educate users on malware '
'prevention.',
'references': [{'source': 'Security Researcher Jeremiah Fowler'}],
'response': {'containment_measures': 'Account locks and forced password '
'resets when compromised credentials are '
'detected',
'enhanced_monitoring': 'Monitoring for external threats',
'remediation_measures': 'Automated protections for compromised '
'accounts'},
'title': 'Massive Gmail Credential Leak Exposes 48 Million Logins from '
'Infostealer Malware',
'type': 'Credential Leak',
'vulnerability_exploited': 'Personal devices infected with malware'}