Gmail hacked

hittman

Moderator
Staff member
Moderator
Joined
Jan 16, 2008
Messages
26,724
City & State/Province
Illinois

149 million passwords exposed in massive credential leak​

Security researchers warn millions of Gmail users and others to act now​

https://www.foxnews.com/tech/149-million-passwords-exposed-massive-credential-leak

The data included credentials tied to an estimated 48 million Gmail accounts, along with millions more from popular services. Cybersecurity researcher Jeremiah Fowler, who discovered the database, confirmed it was not password-protected or encrypted. Anyone who found it could have accessed the data.

Here is what we know so far and what you should do next.

What was found in the exposed database

The database contained 149,404,754 unique usernames and passwords. Fowler said the exposed files included email addresses, usernames, passwords and direct login URLs for accounts across many platforms.

Importantly, this was not a new breach of Google, Meta or other companies. Instead, the database appears to be a compilation of credentials stolen over time from past breaches and malware infections. That distinction matters, but the risk to users remains real.

Which accounts appeared most often

Based on estimates shared by Fowler, the following services had the highest number of credentials in the exposed database.

  • 48 million - Gmail
  • 17 million - Facebook
  • 6.5 million - Instagram
  • 4 million - Yahoo Mail
  • 3.4 million - Netflix
  • 1.5 million - Outlook
  • 1.4 million - .edu email accounts
  • 900,000 - iCloud Mail
  • 780,000 - TikTok
  • 420,000 - Binance
  • 100,000 - OnlyFans
Email accounts dominated the dataset, which matters because access to email often unlocks other accounts. A compromised inbox can be used to reset passwords, access private documents, read years of messages and impersonate the account holder. That is why Gmail appearing so frequently in this database raises concerns beyond any single service.

Why the exposed database creates serious security risks

This exposed database was not abandoned or forgotten. The number of records increased while Fowler was investigating it, which suggests the malware feeding it was still active. There was also no ownership information attached to the database. After multiple attempts, Fowler reported it directly to the hosting provider. It took nearly a month before the database was finally taken offline. During that time, anyone with a browser could have searched it. That reality raises the stakes for everyday users.

This was not a traditional hack or company breach

Hackers did not break into Google or Meta systems. Instead, malware infected individual devices and harvested login details as people typed them or stored them in browsers. This type of malware is often spread through fake software updates, malicious email attachments, compromised browser extensions or deceptive ads. Once a device is infected, simply changing passwords does not solve the problem unless the malware is removed.
 
Back
Top