149 Million Login Credentials Exposed

January 2026 has shaped up to be a month that reinforces the importance of taking time to ensure personal and organisational data is secure.

A cybersecurity researcher has uncovered an openly exposed database containing login credentials for approximately 149 million users, with Gmail users facing the highest level of exposure. If these details fall into the wrong hands, users could be at risk of fraudulent activity, identity theft, phishing campaigns and financial crime.

What Happened

The exposed database was discovered by security researcher Jeremiah Fowler and contained a vast collection of login credentials gathered over time. The dataset was not linked to a single breach of one organisation. Instead, it appears to be a compilation of data collected by infostealer malware, malicious software that captures credentials from infected devices and stores them for later use.

The database included email addresses, usernames, passwords and direct login URLs for accounts across a wide range of platforms. At the time of discovery, the data was accessible online without authentication before being taken offline.

What Information Was Exposed

The dataset included credentials associated with services used globally. The largest volumes related to major email and social platforms, including:

• Gmail with approximately 48 million records
• Facebook with around 17 million
• Instagram with approximately 6.5 million
• Yahoo Mail with around 4 million
• Netflix with roughly 3.4 million
• Outlook with around 1.5 million

Other services referenced in the dataset included TikTok, Binance, OnlyFans, DisneyPlus, Roblox and a wide range of additional platforms, including some accounts linked to .edu domains.

Google’s Response

Google responded by confirming that this was not a new breach of Gmail systems. The exposed data represents a compilation of infostealer logs accumulated over time, rather than credentials obtained through a direct attack on Google infrastructure.

While this clarification is important, the exposure still presents a significant risk to users whose credentials may have been captured and reused elsewhere.

Why This Matters

Even when a platform itself has not been breached, exposed credentials can be exploited in several ways:

• Credential stuffing attacks that rely on reused passwords across multiple services
• Highly targeted phishing campaigns using real login data to increase credibility
• Identity theft and financial fraud when email accounts act as gateways to other services

The scale of this exposure highlights how malware and poor password hygiene can create widespread risk long after credentials are initially compromised.

What You Can Do

If you suspect your device may have been infected with malware, act quickly by updating software, installing reputable security tools and running regular scans.

Users should also review application permissions, avoid downloading software or extensions from unofficial sources and remain cautious when receiving unexpected password reset emails. Where possible, check directly within the relevant platform rather than clicking links.

Additional protective steps include enabling multi factor authentication, using an authenticator app, and ensuring passwords are unique and complex, combining upper and lower case letters, numbers and special characters.

How This Could Affect Your Business

With widely used email platforms such as Gmail and Outlook included in the dataset, organisations should remain vigilant. Compromised credentials can enable unauthorised access to systems, support phishing and social engineering attacks, and create wider operational and reputational risk.

Having clear processes in place to detect suspicious activity and respond quickly is essential to limiting damage when incidents occur.

How AJC Can Help

AJC’s cyber specialists support organisations in strengthening cyber resilience and business continuity. We help clients assess risk, improve security awareness and prepare teams to respond effectively to cyber incidents.

This includes building robust continuity plans, running practical exercises to help staff recognise technical issues or potential attacks, and reducing the likelihood of human error through targeted training and preparedness activities.

Contact us on 020 7101 4861 or email us at info@ajollyconsulting.co.uk if you think we can help.

Sources:
https://www.dailymail.co.uk/sciencetech/article-15492661/Gmail-users-usernames-passwords-exposed.html

https://www.techrepublic.com/article/news-149-million-passwords-exposed-infostealer-database

https://www.expressvpn.com/blog/149m-infostealer-data-exposed/

https://www.independent.co.uk/bulletin/news/gmail-passwords-stolen-google-warning-logins-b2906998.html

https://www.welivesecurity.com/en/cybersecurity/credential-stuffing-what-it-is-how-protect-yourself/

Image accreditation: Katka Pavlickova (2018) from Unpslash.com. Last accessed on 26th January 2026. Available at: https://unsplash.com/photos/post-2016-iphone–1MWTZamkwI