Massive Exposed Database Containing 149 Million Credentials Discovered Online
Security researcher Jeremiah Fowler uncovered a publicly accessible database containing 149 million usernames and passwords, including credentials for major platforms and sensitive systems. The unsecured collection, which was freely accessible via a web browser, included 48 million Gmail accounts, 17 million Facebook logins, 420,000 Binance credentials, 3.4 million Netflix accounts, 780,000 TikTok logins, and 100,000 OnlyFans accounts. Additionally, it held 1.5 million Microsoft Outlook, 900,000 Apple iCloud, and 1.4 million .edu credentials, along with login details for government systems and consumer bank accounts.
Fowler reported the database to the Canadian hosting provider, which took it offline after nearly a month for violating its terms of service. During this period, the database continued to grow, suggesting ongoing data collection. Fowler suspects the credentials were harvested via infostealing malware, which logs keystrokes when victims enter login details on compromised sites.
The discovery highlights the thriving infostealer market, where stolen credentials are sold for as little as $10 per log on the dark web. The simplicity of such malware makes it a popular tool for cybercriminals, enabling large-scale credential theft with minimal effort. The incident underscores the risks of unsecured databases and the widespread impact of infostealer-driven breaches.
Netflix cybersecurity rating report: https://www.rankiteo.com/company/netflix
Facebook cybersecurity rating report: https://www.rankiteo.com/company/Facebook
TikTok cybersecurity rating report: https://www.rankiteo.com/company/tiktok
Binance cybersecurity rating report: https://www.rankiteo.com/company/binance
OnlyFans cybersecurity rating report: https://www.rankiteo.com/company/onlyfans
Microsoft Security cybersecurity rating report: https://www.rankiteo.com/company/microsoft-security
Apple cybersecurity rating report: https://www.rankiteo.com/company/apple
Consumer Financial Protection Bureau cybersecurity rating report: https://www.rankiteo.com/company/consumer-financial-protection-bureau
Government of India cybersecurity rating report: https://www.rankiteo.com/company/government-of-india
"id": "NETFACTIKBINONLMICAPPCONGOV1769182444",
"linkid": "netflix, Facebook, tiktok, binance, onlyfans, microsoft-security, apple, consumer-financial-protection-bureau, government-of-india",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '48 million',
'industry': 'Technology',
'name': 'Gmail',
'type': 'Email Service'},
{'customers_affected': '17 million',
'industry': 'Technology',
'name': 'Facebook',
'type': 'Social Media'},
{'customers_affected': '420,000',
'industry': 'Finance',
'name': 'Binance',
'type': 'Cryptocurrency Exchange'},
{'customers_affected': '3.4 million',
'industry': 'Entertainment',
'name': 'Netflix',
'type': 'Streaming Service'},
{'customers_affected': '780,000',
'industry': 'Technology',
'name': 'TikTok',
'type': 'Social Media'},
{'customers_affected': '100,000',
'industry': 'Adult Entertainment',
'name': 'OnlyFans',
'type': 'Content Subscription Service'},
{'customers_affected': '1.5 million',
'industry': 'Technology',
'name': 'Microsoft Outlook',
'type': 'Email Service'},
{'customers_affected': '900,000',
'industry': 'Technology',
'name': 'Apple iCloud',
'type': 'Cloud Storage'},
{'customers_affected': '1.4 million',
'industry': 'Education',
'name': 'Educational Institutions (.edu)',
'type': 'Education'},
{'industry': 'Public Sector',
'name': 'Government Systems',
'type': 'Government'},
{'industry': 'Finance',
'name': 'Consumer Banks',
'type': 'Financial Institution'}],
'attack_vector': 'Infostealing Malware',
'data_breach': {'number_of_records_exposed': '149 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Usernames', 'Passwords']},
'description': 'Security researcher Jeremiah Fowler uncovered a publicly '
'accessible database containing 149 million usernames and '
'passwords, including credentials for major platforms and '
'sensitive systems. The unsecured collection included 48 '
'million Gmail accounts, 17 million Facebook logins, 420,000 '
'Binance credentials, 3.4 million Netflix accounts, 780,000 '
'TikTok logins, and 100,000 OnlyFans accounts, along with 1.5 '
'million Microsoft Outlook, 900,000 Apple iCloud, and 1.4 '
'million .edu credentials, as well as login details for '
'government systems and consumer bank accounts. The database '
'was taken offline after nearly a month for violating the '
"hosting provider's terms of service.",
'impact': {'brand_reputation_impact': 'High',
'data_compromised': '149 million credentials',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes',
'entry_point': 'Infostealing Malware'},
'investigation_status': 'Ongoing',
'lessons_learned': 'The incident highlights the risks of unsecured databases '
'and the widespread impact of infostealer-driven breaches. '
'It underscores the need for better security practices to '
'prevent credential harvesting and unauthorized access.',
'motivation': 'Financial Gain',
'post_incident_analysis': {'corrective_actions': 'Database taken offline, '
'further investigation '
'needed',
'root_causes': 'Unsecured database, infostealing '
'malware'},
'recommendations': ['Implement stricter access controls for databases',
'Enhance monitoring for unauthorized access',
'Educate users on the risks of infostealing malware',
'Use multi-factor authentication to mitigate credential '
'theft'],
'references': [{'source': 'Security Researcher Jeremiah Fowler'}],
'response': {'containment_measures': 'Database taken offline by hosting '
'provider'},
'title': 'Massive Exposed Database Containing 149 Million Credentials '
'Discovered Online',
'type': 'Data Breach',
'vulnerability_exploited': 'Unsecured Database'}