A massive unsecured database exposing roughly 149 million usernames and passwords surfaces online, triggering fresh concern over the growing scale of infostealer malware.
The leaked dataset includes login credentials tied to major platforms such as Gmail, Facebook, Instagram, Netflix, Yahoo, banking services, and cryptocurrency exchange Binance, where about 420,000 accounts appear affected.
Cybersecurity researcher Jeremiah Fowler discovers the database in January 2026 while conducting routine exposure monitoring. He finds the dataset publicly accessible, completely unencrypted, and protected by no password or authentication controls, leaving sensitive data wide open to anyone who stumbles upon it.
The exposed collection weighs in at approximately 96GB, containing plaintext usernames, often email addresses, and corresponding passwords. Experts immediately warn that the exposure represents a serious security risk, even though it does not originate from a direct breach of the affected companies’ internal systems.
What The Exposed Data Contains
Analysis of the dataset reveals a sweeping cross-section of internet users. About 48 million Gmail accounts appear in the records, alongside 17 million Facebook logins, with millions more tied to Instagram, Netflix, Yahoo, online banking platforms, gaming services such as Roblox, dating websites, and various other digital services.
Among the most sensitive entries are roughly 420,000 Binance login credentials, raising alarm within the crypto community. However, both security experts and Binance emphasize that the presence of these credentials does not indicate a compromise of Binance’s infrastructure.
Instead, the dataset aggregates information collected over time from malware-infected user devices, often personal laptops or work computers. These infections silently harvest saved passwords, browser sessions, cookies, and autofill data without users realizing their information has already been stolen.
Footage and commentary related to the discovery circulate on social media, highlighting the scope of the exposure and reinforcing concerns around infostealer malware ecosystems, as seen in this widely shared disclosure thread on X:
A database containing 149 million usernames and passwords has been found exposed online, including login details linked to about 48 million Gmail accounts.
The leak was discovered by cybersecurity researcher Jeremiah Fowler, who said the database was publicly accessible and…
— HELSINKI TIMES (@HelsinkiTimes) January 26, 2026
Infostealer Malware Behind The Leak
Security researchers trace the dataset back to infostealer malware strains such as RedLine, Raccoon, and similar tools commonly sold or rented in underground cybercrime markets. These malware families infect devices through phishing emails, fake software downloads, cracked applications, malicious browser extensions, or compromised ads.
Once installed, the malware actively logs keystrokes, extracts saved browser credentials, screenshots sessions, and uploads harvested data to remote servers controlled by attackers. Over time, operators compile stolen credentials into massive collections like the one Fowler discovers.
Experts stress that this exposure is not the result of new breaches at Google, Meta, Netflix, or Binance. Instead, it represents an aggregation of previously stolen data, pooled together into a single, dangerously accessible database. One analyst describes the dataset as a “dream wish list for criminals,” capable of fueling credential-stuffing attacks, identity theft, and account takeovers at global scale.
Binance Responds As Experts Clarify The Risk
Following disclosure, Binance confirms it is aware of the dataset and reiterates that its systems remain secure. The exchange explains that the affected credentials originate from user-side infections, not from any breach of Binance servers or databases.
Binance states it will actively monitor dark web channels for signs of exploitation linked to the exposed credentials. The company also commits to notifying affected users, forcing password resets where necessary, and guiding customers through additional security steps to protect their accounts.
Security teams strongly recommend that crypto users adopt hardware-based multi-factor authentication (MFA), such as security keys, instead of relying solely on SMS codes. Binance also urges users to keep antivirus software updated, avoid suspicious downloads, and review account activity regularly to detect unauthorized access early.
Database Taken Down, But Risk Remains
After identifying the exposure, Jeremiah Fowler reports the database to the hosting provider, prompting its eventual removal after several days. Ownership of the database remains unclear, though preliminary indicators point to a cloud service with possible Canadian affiliation.
While there is no confirmed evidence that the data was widely exploited before takedown, experts caution that copies may already exist. Publicly accessible databases often attract automated scanners and malicious actors within hours, making it impossible to guarantee the information was not downloaded during the exposure window.
The incident reinforces a growing reality in cybersecurity: once credentials leak, the damage often continues long after the original source disappears. Stolen login data frequently circulates across multiple underground forums, resurfaces in new dumps, and fuels attacks months or even years later.
What Users Should Do Now
Security professionals urge users to take immediate action to reduce risk. The first step involves checking whether an email address appears in known breaches using trusted exposure-tracking services. If any accounts reuse passwords, users should change them immediately, starting with email, banking, and crypto platforms.
Experts also recommend enabling non-SMS multi-factor authentication, running full malware scans on all devices, and removing suspicious browser extensions or unauthorized software. Adopting a reputable password manager allows users to generate and store unique, complex passwords for every service, dramatically limiting the impact of future leaks.
Ultimately, the exposed 149-million-record database highlights how endpoint security, not just corporate defenses, now defines online safety. As infostealer malware continues to evolve quietly in the background, experts warn that individual users remain the frontline, where a single infected device can expose dozens of accounts in one sweep.
Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services.
Follow us on Twitter @themerklehash to stay updated with the latest Crypto, NFT, AI, Cybersecurity, and Metaverse news!
