WEB DESK: A significant data breach has exposed personal details, including usernames and passwords, of nearly 149 million users across various platforms such as Gmail, Facebook, Instagram, Netflix, TikTok, Binance, and OnlyFans. According to cybersecurity experts, the leak originated from an unsecured database containing approximately 96 gigabytes of sensitive information.
The database was discovered by researcher Jeremiah Fowler and contained a staggering 48 million Gmail accounts, 17 million Facebook accounts, 6.5 million Instagram accounts, 3.4 million Netflix accounts, 780,000 TikTok accounts, 420,000 Binance accounts, and 100,000 OnlyFans accounts. Additionally, millions of Yahoo, Outlook, iCloud, and academic (.edu) user accounts were also compromised.
Fowler informed WIRED that the database was likely created using infostealing malware, which infects devices to capture passwords, browser data, and other credentials before transmitting them to a central server. He described this as “a dream wish list for criminals.”
Cybersecurity experts caution that such breaches significantly increase the risk of account takeovers, financial fraud, phishing attacks, and fake messaging, especially concerning users who reuse passwords across multiple services.
Unlike traditional hacking incidents targeting single entities, this breach involved aggregated data from various sources, making it challenging to identify a singular point of failure. The database was eventually removed from public access after Fowler reported the issue to the hosting provider in Canada but highlights ongoing risks associated with publicly exposed and inadequately secured online databases.
Digital Rights Monitor emphasized that incidents like these underscore how easily sensitive personal information can be accessed when security measures are lax, and they urged users to use strong, unique passwords and enable two-factor authentication wherever possible.