
Massive data leak! Gmail, Instagram, Netflix accounts among 149 Million logins exposed online

A publicly exposed database containing 149 million usernames and passwords has been discovered. Who is impacted?

Published By: Divya | Published: Jan 25, 2026, 10:38 AM (IST)


We’ve all become numb to data breach headlines. Every other day, we get a warning to “change your password.” But when a single exposed database contains 149 million usernames and passwords, it stops feeling routine and starts feeling personal.

According to a report by cybersecurity researcher Jeremiah Fowler, shared in collaboration with ExpressVPN, an unsecured online database was found openly accessible on the internet. That means no password, no encryption, just raw login credentials sitting there for anyone to access.

What exactly was exposed

According to the ExpressVPN report, the database held 149,404,754 unique login records, amounting to nearly 96GB of data. These weren’t just random accounts either. The exposed credentials included emails, usernames, passwords, and even direct login URLs tied to popular services.

Based on the researcher’s limited sampling, the data covered platforms people use daily: email accounts, social media profiles, streaming services, gaming platforms, dating apps, and more. Financial services, crypto-related logins, and even banking credentials were also present, as were government-linked (.gov) email addresses from multiple countries. Not every such account gives access to sensitive systems, but even limited access can open doors to impersonation or targeted phishing.

Where did this data come from

The report suggests the credentials were collected using infostealer malware. This type of malware quietly sits on infected devices, logging keystrokes, scraping browser data, and harvesting saved credentials without the user noticing.

Once collected, this stolen data needs to be stored somewhere, and in this case, it appears a cloud-based database was left misconfigured and publicly accessible. What’s more worrying is that the dataset reportedly continued growing while it was exposed.

That raises the risk of account takeovers, financial fraud, identity theft, and highly convincing phishing attacks, and many affected users may never even realise their credentials were exposed.

What Can You Do?

If there’s one takeaway from this, it is that password reuse is your biggest enemy. However, a few simple steps can keep you safe:

  • Change passwords on important accounts, starting with email and banking
  • Enable two-factor authentication wherever possible
  • Scan your devices for malware before changing passwords
  • Avoid installing random browser extensions or apps
  • Keep your OS and security software updated