
149 Million Login Credentials Exposed Online

By Jenny Leight • February 17, 2026

A major online credential leak has put millions of people’s accounts at risk, and this could directly affect your digital, identity, and financial security if any of your email or account passwords were involved.

Here’s what you need to know.

What Happened

Cybersecurity researcher Jeremiah Fowler discovered a publicly accessible, unsecured database containing about 149 million usernames and passwords. 

The database was unencrypted and open on the web with no password protection, meaning anyone who found it could view the data.

This wasn’t a breach of a single company’s systems. Instead, the information came from personal computers and phones that had been infected with harmful software. That harmful software quietly collected saved login information without people realizing it.

The stolen data included emails, usernames, passwords, and URLs where those credentials could be used.

This kind of exposure is especially concerning because criminals can take real usernames and passwords and try them on other websites, especially if the same password is used in more than one place. 

Accounts Found in the Exposed Data

Security researchers shared estimates showing which accounts appeared most frequently in the exposed database. These numbers represent how many usernames and passwords were found for each service:

  • 48 million – Gmail
  • 17 million – Facebook
  • 6.5 million – Instagram
  • 4 million – Yahoo Mail
  • 3.4 million – Netflix
  • 1.5 million – Outlook
  • 1.4 million – .edu (school and university email accounts)
  • 900,000 – iCloud Mail
  • 780,000 – TikTok
  • 420,000 – Binance (cryptocurrency accounts)
  • 100,000 – OnlyFans

Why This Matters

If you use any of these services, especially email, your account may be at higher risk — particularly if you:

  • Reuse the same password in more than one place
  • Save passwords on your computer or phone
  • Haven’t changed passwords in a long time

Email accounts are especially important to protect, because they can be used to reset passwords for banks, shopping sites, and other personal accounts.

What You Can Do Now

  • Change passwords for important accounts, starting with email and financial accounts
  • Use different passwords for different websites
  • Watch for unusual emails, login alerts, or activity you don’t recognize

If this feels overwhelming, you’re not alone and you don’t have to figure it out by yourself. Carefull can help monitor for unusual activity and guide you through next steps, calmly and step-by-step.


Disclaimer: The information and resources above and within the articles are provided for your convenience through Carefull and should not be considered an endorsement of products, services or information provided, or an assurance of security or privacy provided at the linked site. Bristol County Savings Bank does not own or operate these sites and does not guarantee the accuracy, completeness or timeliness of the information contained therein. We encourage you to review their privacy and security policies which may differ from Bristol County Savings Bank. Bristol County Savings Bank assumes no liability for any loss or damage resulting from any reliance on the material provided.