Danny Weber
18:59 24-01-2026
© RusPhotoBank
A 2026 data breach exposed 149 million account credentials from services like Gmail, TikTok, and Netflix. Learn about the risks and security tips.
In early 2026, one of the largest cybersecurity incidents in recent times was recorded. Researcher Jeremiah Fowler discovered an unprotected database containing around 96 GB of data, which held login credentials for more than 149 million accounts worldwide. The exposed data included access details for popular services like Gmail, TikTok, Netflix, and other platforms.
According to Fowler, the leaked records covered virtually all types of online accounts, ranging from social media and streaming services to banking apps, crypto exchanges, and even government websites with .gov domains. The sample also contained credentials from educational institutions and corporate services. This is particularly alarming because such information could be used not only for fraud but also for identity theft attacks and infiltrating secure networks.
The identity of the database owner could not be determined. The researcher reported the find to the hosting provider, but the process of blocking access took several months. Moreover, during this time, the database volume continued to grow, indirectly suggesting it was actively being used. It remains unknown how long the data was publicly accessible or whether malicious actors had already exploited it.
Experts point out that such leaks are especially dangerous due to widespread password reuse. Even with a low probability of credential matches, attackers could gain access to thousands of active accounts, including financial ones. Security specialists reiterate the importance of two-factor authentication and unique passwords for different services, as these measures can significantly reduce risks in such incidents.