Cybersecurity researcher Jeremiah Fowler uncovered a non-encrypted, publicly accessible database containing 149,404,754 unique login credentials totaling 96 GB of data. The exposed records included usernames, passwords, and direct login URLs for services ranging from Gmail and Facebook to banking platforms and government accounts across multiple countries.
149M+Total Logins Exposed
96GBRaw Credential Data
48MGmail Accounts
~1 MonthTime to Take Down
π¨ Zero Security Protection
The database had no password protection and no encryption. Anyone with basic web browsing skills could access and search through millions of stolen credentials. The system was designed for easy indexing and searching, with unique identifiers for each log entry and reversed hostname paths to organize stolen data by victim and source.
Check Your Email Domain Risk
Enter your email domain to see if accounts from your provider were affected. This tool shows the estimated number of exposed accounts from major email providers based on the breach data.
Compromised Platforms
The database contained credentials from a wide range of online services. Email providers made up the largest portion, with 48 million Gmail accounts alone. Social media, streaming services, cryptocurrency exchanges, educational institutions, and government domains were all represented in the exposed data.
π§
Gmail
48M
π₯
Facebook
17M
πΈ
Instagram
6.5M
πΊ
Netflix
3.4M
π¬
Yahoo
4M
π§
Outlook
1.5M
π
.edu Accounts
1.4M
βοΈ
iCloud
900K
π΅
TikTok
780K
π°
Binance
420K
π
OnlyFans
100K
ποΈ
.gov Domains
Multiple Countries
Discovery & Response Timeline
The database was discovered, reported, and eventually taken offline over the course of nearly a month. During this time, new stolen credentials continued to be added to the exposed repository, increasing the total number of compromised accounts.
Initial Discovery
Jeremiah Fowler discovered the unprotected database containing 149,404,754 unique login credentials totaling 96 GB of data. The database was publicly accessible and searchable using just a web browser.
Responsible Disclosure
Fowler reported the exposure directly to the hosting provider through their online abuse reporting form. He received a reply stating they do not host the IP directly, and it is operated by a subsidiary in Canada.
Database Continues Growing
During the reporting process, the number of exposed records increased as new stolen credentials were added. The database continued collecting victim data even as efforts were made to secure it.
Finally Taken Offline
After nearly a month and multiple attempts, the hosting was suspended for violating terms of service. The database was no longer publicly accessible, though the exposed credentials may have already been copied.
π Infostealer Malware Operation
The database showed characteristics of infostealer malwareβmalicious software designed to silently harvest credentials from infected devices. These programs use keylogging to record information victims type into websites, including usernames and passwords. The database used reversed hostname paths formatted as (com.example.user.machine) to organize stolen data by victim and source, with unique line hashes as document IDs to ensure one record per unique log entry.
Security Actions to Take Now
With 149 million credentials exposed, immediate action is necessary to protect your accounts. These steps can help prevent unauthorized access and reduce the risk of identity theft, financial fraud, and phishing attacks.
π
Change Passwords Immediately
Update passwords for email, banking, and social media accounts. Never reuse passwords across different sites or services. Use unique passwords for each account.
β
Enable Two-Factor Authentication
Add an extra verification step to your accounts. This prevents unauthorized access even if your password is compromised, requiring a second form of verification to log in.
π‘οΈ
Install Antivirus Software
A report published in October identified that only 66 percent of U.S. adults used antivirus software in 2025. Scan your devices to detect and remove infostealer malware before changing passwords.
π
Use Password Managers
Password managers encrypt your credentials and auto-fill forms, reducing exposure to basic keyloggers. They also help ensure unique passwords for each service while storing them securely.
π
Update Operating Systems
Keep your operating system and security software current to patch known vulnerabilities that malware exploits. Regular updates improve detection methods and system security.
ποΈ
Monitor Login Activity
Review login history, login locations, devices, and failed login attempts regularly. Most services provide activity logs to help spot unauthorized access attempts.
β οΈ National Security Implications
The database contained credentials associated with .gov domains from numerous countries. While not every government account grants access to sensitive systems, even limited access could have serious implications depending on the role and permissions of the compromised user. Exposed government credentials could be used for targeted spear-phishing, impersonation, or as an entry point into government networks, creating national security and public safety risks.
Read the complete findings from cybersecurity researcher Jeremiah Fowler, including technical details about the database structure, malware indicators, and comprehensive security recommendations for protecting your accounts.
The report covered the discovery of 149,404,754 exposed login credentials, the breakdown of affected platforms, the timeline of disclosure and response, and security recommendations for account protection. The database was taken offline after nearly a month of reporting efforts.
