New Delhi: Login credentials, including usernames, passwords, of over 149 million accounts of internet firms, including Gmail, Instagram, Facebook, and Netflix, have allegedly been leaked, a report published by ExpressVPN said.
The report published by cybersecurity researcher Jeremiah Fowler claims that the publicly exposed data includes 48 million accounts on Gmail, 4 million on Yahoo, 17 million on Facebook, 6.5 million on Instagram, 3.4 million on Netflix, 1.5 million on Outlook, etc.
“The publicly exposed database was not password-protected or encrypted. It contained 149,404,754 unique logins and passwords, totaling a massive 96 GB of raw credential data. In a limited sampling of the exposed documents, I saw thousands of files that included emails, usernames, passwords, and the URL links to the login or authorization for the accounts,” Fowler said in the report.
Email queries to major firms named in the report did not elicit any immediate reply.
Fowler said the database was publicly accessible, allowing anyone who discovered it to potentially access the credentials of millions of individuals.
“The exposed records included usernames and passwords collected from victims around the world, spanning a wide range of commonly used online services and about any type of account imaginable,” he said.
Also Read
Coupang told to remove internal data breach findings amid probeFinancial services accounts, crypto wallets or trading accounts, banking and credit card logins also appeared in the limited sample of records that the cybersecurity researcher claims to have reviewed.
He said a serious concern was the presence of credentials associated with ‘.gov’ domains from numerous countries.
“While not every government-linked account grants access to sensitive systems, even limited access could have serious implications depending on the role and permissions of the compromised user.
“Exposed government credentials could be potentially used for targeted spear-phishing, impersonation, or as an entry point into government networks. This increases the potential of .gov credentials posing national security and public safety risks,” he said.
Fowler said that the exposure of such a large number of unique logins and passwords presents a potentially serious security risk to a large number of individuals who may not know their information was stolen or exposed.
“Because the data includes emails, usernames, passwords, and the exact login URLs, criminals could potentially automate credential-stuffing attacks against exposed accounts including email, financial services, social networks, enterprise systems, and more.
“This dramatically increases the likelihood of fraud, potential identity theft, financial crimes, and phishing campaigns that could appear legitimate because they reference real accounts and services,” he said.
Get the latest updates in Hyderabad City News, Technology, Entertainment, Sports, Politics and Top Stories on WhatsApp & Telegram by subscribing to our channels. You can also download our app for Android and iOS.
-
Sour or bitter mouth as soon as you wake up in the morning is a sign of stomach related disease, know what is the reason – News Himachali News Himachali
-
Jyotiraditya Scindia lays foundation for Rs 80 cr Agarwood scheme in Tripura
-
Adarsh Nagar fire: AAP slams BJP for ignoring Goa tragedy warnings
-
ICC U19 World Cup 2026: India vs Pakistan Again In Asia Cup Final Repeat As Mhatre & Co Seal Super Sixers Berth
-
RCB Vs DC, WPL 2026: Delhi Capitals' Snap Smriti Mandhana & Co's Winning Run, Seal Dominating 7-Wicket To Keep Playoff Hopes Alive
