Data leak exposes credentials of nearly 149 million users across major platforms

A massive data leak has exposed login credentials and personal information belonging to nearly 149 million users across multiple online platforms, cybersecurity experts have warned.

The unsecured database, discovered by security researcher Jeremiah Fowler, contained around 96 gigabytes of data and was publicly accessible online.

According to Fowler, the exposed information included millions of accounts linked to services such as Gmail, Facebook, Instagram, Netflix, TikTok, Binance and OnlyFans, along with Yahoo, Outlook, iCloud and academic email addresses.

Fowler told WIRED that the data appeared to have been collected using infostealing malware, which infects devices and harvests passwords, browser-stored credentials and other sensitive information before transmitting it to external servers.

He described the database as a “wish list for criminals”.

Cybersecurity specialists cautioned that such leaks significantly increase the risk of account takeovers, financial fraud and phishing attacks, particularly for users who reuse passwords across platforms.

The database was taken offline after being reported to its Canadian hosting provider. Experts have urged users to update passwords, avoid reuse and enable two-factor authentication.