Data of 149 million Gmail, Facebook and Instagram accounts breached

WEB DESK: A massive data leak has exposed usernames, passwords, and other personal details of nearly 149 million users across platforms including Gmail, Facebook, Instagram, Netflix, TikTok, Binance, and OnlyFans, according to cybersecurity experts.

The unsecured database, discovered by researcher Jeremiah Fowler, contained 96 gigabytes of sensitive information and was publicly accessible online. It included 48 million Gmail accounts, 17 million Facebook accounts, 6.5 million Instagram accounts, 3.4 million Netflix accounts, 780,000 TikTok accounts, 420,000 Binance accounts, and 100,000 OnlyFans accounts, as well as millions of Yahoo, Outlook, iCloud, and academic (.edu) accounts.

Fowler told WIRED that the database appeared to have been assembled using infostealing malware, which infects devices and captures passwords, browser-saved data, and other credentials before sending it to a central server. “This is like a dream wish list for criminals,” he said.

Cybersecurity experts warn that such leaks increase the risk of account takeovers, financial fraud, phishing attacks, and fake messaging—especially for users who reuse passwords across multiple services.

Unlike breaches caused by hacking a single company, this leak resulted from data aggregated from multiple sources, making it difficult to trace a single point of failure. The database was eventually taken offline after Fowler reported it to the hosting provider in Canada, but it highlights the growing risks of publicly exposed and misconfigured online databases.

Digital Rights Monitor noted that the incident underscores how easily sensitive personal information can be accessed when security practices are lax, and urged users to adopt strong, unique passwords and enable two-factor authentication wherever possible.