Is Your Account On The List? 149 Million Passwords For Gmail, Facebook Exposed Online In Major Credential Leak

New Delhi: In an alarming cybersecurity breach, a news report alleges that login details, such as usernames and passwords, for more than 149 million accounts across major platforms like Gmail, Instagram, Facebook, and Netflix have been exposed.

This widespread security breach has sparked global concern, highlighting the staggering volume of stolen credentials and the serious dangers users encounter when their private login data is compromised.

According to cybersecurity researcher Jeremiah Fowler, the exposed database included specific totals for several major platforms- roughly 48 million Gmail accounts, 17 million on Facebook, 6.5 million on Instagram, 4 million on Yahoo, 3.4 million on Netflix, and 1.5 million on Outlook.

Exposed database not password-protected

As per a report, he said, "The publicly exposed database was not password-protected or encrypted. It contained 149,404,754 unique logins and passwords, totalling a massive 96 GB of raw credential data. In a limited sampling of the exposed documents, I saw thousands of files that included emails, usernames, passwords, and the URL links to the login or authorisation for the accounts." 

Fowler explained that the database was completely unsecured, meaning anyone with an internet connection who found it could have accessed the private login information of millions of users. The exposed records carried  usernames and passwords collected from victims around the world.

Sensitive credentials exposed

Shockingly, in addition to social media and entertainment logins, the researcher found highly sensitive credentials for financial services, including banking accounts, credit card logins, and cryptocurrency wallets or trading platforms, within the samples he inspected.

A major worry highlighted by Fowler was the discovery of login credentials for .gov domains across numerous nations.

Fowler warned that the leak of such a massive volume of unique login data is a major security threat, particularly because most affected individuals are likely unaware that their personal information has even been compromised.

Estimated volume of exposed accounts according to Fowler:

• Gmail - 48M
• Facebook - 17M
• Instagram - 6.5M
• Yahoo - 4M
• Netflix - 3.4M
• Outlook - 1.5M
• .edu - 1.4M
• iCloud - 900k
• TikTok - 780k
• Binance - 420k
• OnlyFans - 100k

How to protect yourself

To safeguard yourself following an infostealer breach, your first step should be an immediate password reset for critical accounts like email, banking, and social media.

1. Password Hygiene: Create robust, unique passwords for every platform. This prevents a "domino effect" where a single leak grants hackers access to all your accounts (credential stuffing).
2. Layered Defense: Activate Two-Factor Authentication (2FA) on all compatible services. This provides a vital safety net that can stop an intruder even if they have your correct password.
3. Device Cleanup: Perform a comprehensive malware scan on all your devices to eliminate hidden infostealer software.
4. Active Monitoring: Keep a close watch on your transaction history and login logs, and ensure all security notifications are turned on.
5. Stay Alert: Be extremely wary of unexpected emails or texts; hackers frequently use leaked data to send highly targeted phishing lures.

Massive Gmail breach

Last year in October, a major data breach may have exposed the passwords of over 183 million internet users. According to cybersecurity expert Troy Hunt, it has claimed the breach, which occurred in April 2025, compromised millions of email accounts across major domains including Google, Yahoo, and Outlook.

Also Read: Snowfall or False Alarm? How to Know When Your Weather App Is Wrong