Sign in

Massive breach exposes 149 million Instagram, Gmail, Netflix passwords: Report

The leaked data includes around 48 million Gmail accounts, 4 million Yahoo accounts, 17 million Facebook accounts among others.

Published on: Jan 25, 2026, 09:27:45 IST
Share
Share via
  • facebook
  • twitter
  • linkedin
  • whatsapp
Copy link
  • copy link

Login credentials linked to more than 149 million online accounts were allegedly exposed after a large database was found publicly accessible, according to a report published by ExpressVPN. The data reportedly includes user accounts from major platforms such as Gmail, Instagram, Facebook and Netflix.

The data was found in a publicly accessible database that lacked even basic security safeguards. (Representative Image/Pexel)
The data was found in a publicly accessible database that lacked even basic security safeguards. (Representative Image/Pexel)

The report, authored by cybersecurity researcher Jeremiah Fowler, states that the leaked data includes around 48 million Gmail accounts, 4 million Yahoo accounts, 17 million Facebook accounts, 6.5 million Instagram accounts, 3.4 million Netflix accounts and 1.5 million Outlook accounts, among others, according to PTI.

Also Read | Did an Instagram data breach expose 17 million accounts worldwide? Meta says 'accounts remain secure'

Data found in public database

According to Fowler, the data was found in a publicly accessible database that lacked even basic security safeguards.

“The publicly exposed database was not password-protected or encrypted. It contained 149,404,754 unique logins and passwords, totaling a massive 96 GB of raw credential data. In a limited sampling of the exposed documents, I saw thousands of files that included emails, usernames, passwords, and the URL links to the login or authorization for the accounts,” he said in the report.

Fowler said the database could be accessed by anyone who came across it, potentially exposing millions of users to misuse of their credentials.

“The exposed records included usernames and passwords collected from victims around the world, spanning a wide range of commonly used online services and about any type of account imaginable,” he said.

Sensitive information leaked

The dataset reportedly also contained sensitive information linked to financial services, including crypto wallets, trading platforms, banking logins and credit card accounts, based on a limited review conducted by the researcher.

A particularly serious issue, Fowler noted, was the presence of credentials linked to government email addresses.

“While not every government-linked account grants access to sensitive systems, even limited access could have serious implications depending on the role and permissions of the compromised user.

“Exposed government credentials could be potentially used for targeted spear-phishing, impersonation, or as an entry point into government networks. This increases the potential of .gov credentials posing national security and public safety risks,” he said.

Fowler warned that the scale of the exposure poses a major threat to users who may be unaware that their information has been compromised.

“Because the data includes emails, usernames, passwords, and the exact login URLs, criminals could potentially automate credential-stuffing attacks against exposed accounts including email, financial services, social networks, enterprise systems, and more.

“This dramatically increases the likelihood of fraud, potential identity theft, financial crimes, and phishing campaigns that could appear legitimate because they reference real accounts and services,” he said.

  • HT News Desk
    ABOUT THE AUTHOR
    HT News Desk

    Follow the latest breaking news, major developments and agenda-setting stories from India and around the world with the newsdesk at Hindustan Times. Operating round the clock, the desk brings together experienced editors, reporters and correspondents to deliver fast, accurate and contextual reporting across subjects that influence public policy, governance, business, society and international affairs. The HT News Desk covers politics, elections, government policies, the economy, business and markets, science and technology, the environment, law and order, infrastructure, education, climate issues and geopolitics, while closely tracking developments across states, institutions and global capitals. The team also leads coverage of major breaking news events, policy announcements, court proceedings, natural disasters, public emergencies and significant international developments. Reports published by the newsdesk are based on information gathered from reporters on the ground, official statements, government agencies, court records, regulatory filings, recognised institutions and other authoritative sources. Stories undergo editorial scrutiny and verification processes to ensure accuracy, fairness and relevance, and are updated as events evolve and additional information becomes available. Whether covering a key political decision in New Delhi, an economic policy shift affecting millions, a landmark court ruling or a major global event, the HT News Desk aims to provide readers with reliable, fact-based journalism that delivers not only the latest developments but also the context and analysis needed to understand their wider implications.Read More

Get the latest headlines from US news and global updates from Pakistan, Nepal, UK, Bangladesh, Russia and US Iran war Live, get all the latest headlines in one place on Hindustan Times.