Massive 149M Login Credentials Leak Exposes Binance Users, Highlights Infostealer Threat


Key takeaways:

  • Binance credentials exposure highlights systemic malware risks for crypto exchanges beyond direct hacks.
  • Investors should prioritize hardware wallets and 2FA as infostealers increasingly target crypto platforms.
  • The scale of credential theft may pressure exchanges to enhance user security protocols industry-wide.

A cybersecurity researcher has uncovered a massive, publicly accessible database containing 149,404,754 unique login credentials totaling 96GB, harvested from malware-infected personal devices. The dataset, discovered by researcher Jeremiah Fowler and reported via ExpressVPN, lacked encryption and password protection, allowing anyone to access millions of credentials from major platforms.

The leak impacted a wide range of services. Social media was heavily represented, with 17 million Facebook credentials, 6.5 million from Instagram, and 780,000 from TikTok. Streaming service Netflix led its category with 3.4 million exposed accounts. Email services were also a major target, with 48 million Gmail accounts and 4 million Yahoo accounts compromised.

For the cryptocurrency sector, the data leak included approximately 420,000 credentials associated with Binance users. The dataset also contained credentials linked to other financial services, crypto wallets, and trading accounts. Security experts and Binance itself have stressed that this exposure does not indicate a breach of Binance's internal systems. Instead, the credentials were collected through "infostealer" malware that silently extracts saved logins from compromised user devices.

A Binance spokesperson clarified, "Infostealer is a known malware variant that steals user credentials when the users' devices are compromised. Those are not leaks from Binance." The exchange has protocols to monitor dark web marketplaces, alert affected users, initiate password resets, and revoke compromised sessions.

The leak also raised national security concerns, as it contained credentials associated with government-linked accounts and .gov domains, opening the door to sophisticated phishing attacks. The database remained online for weeks before the hosting provider, after initial denial, finally blocked access following persistent reporting.

The incident highlights the growing threat of infostealer malware, which cybersecurity firm Kaspersky reported on in December 2025. This malware often disguises itself as game cheats or mods (particularly for Roblox) and targets over 100 browsers and at least 80 cryptocurrency exchanges and wallets, including Coinbase, Crypto.com, MetaMask, and Trust Wallet. Experts recommend using reliable antivirus software, enabling two-factor authentication, employing password managers, and maintaining unique passwords across services as critical protective measures.
