Overview
- Cybersecurity researcher Jeremiah Fowler identified an unprotected 96GB database holding 149,404,754 unique username–password pairs across major platforms.
- The dataset included an estimated 48 million Gmail credentials and millions more for Facebook, Instagram, Yahoo, Netflix, Outlook, TikTok, iCloud and Binance.
- The server remained publicly accessible for weeks and continued to grow before the hosting provider suspended it and removed the data.
- Records contained exact login URLs and organized metadata linking victims to sources, making automated credential‑stuffing and targeted phishing easier.
- Google describes the cache as compiled infostealer logs and says it locks affected accounts and forces password resets; experts urge unique passwords, MFA/passkeys and malware scans, especially given financial and .gov credentials in the haul.