Cybersecurity researcher Jeremiah Fowler has stumbled upon something that could keep many people up at night. Sitting in plain sight on the internet was a database, unprotected and unencrypted, containing nearly 149 million stolen usernames and passwords. It was a digital goldmine for anyone with bad intentions.
Fowler’s discovery, which he detailed in a report shared with ExpressVPN, revealed 96 gigabytes of raw credential data harvested from malware-infected personal devices. The exposed accounts covered everything from Facebook and Instagram to Netflix, TikTok, and the cryptocurrency exchange Binance. At least 420,000 of those credentials belonged to Binance users.
A Goldmine for Hackers
The scale is staggering: 48 million Gmail accounts, 17 million Facebook accounts, 6.5 million Instagram accounts, 3.4 million Netflix accounts, and 780,000 TikTok accounts. But what really raises eyebrows is the inclusion of government-linked accounts with .gov domains from multiple countries. That’s a potential gateway for phishing attacks and government impersonation.
“This is not the first dataset of this kind I have discovered, and it only highlights the global threat posed by credential-stealing malware,” Fowler said. Digging through a limited sample, he found financial services accounts, crypto wallets, banking logins, and credit card information.
So what happened? Infostealer malware stole the data. It is the kind of malware that quietly lifts saved login credentials from infected devices. Binance was quick to clarify this was not a breach of their systems. Instead, it was user devices that got infected. Deddy Lavid, who runs blockchain cybersecurity firm Cyvers, backed that up, confirming the leak happened on end-user devices rather than the exchange’s infrastructure.
What Comes Next
In such cases, Binance keeps tabs on dark web marketplaces, sends alerts to affected users, and forces password resets when threats pop up. Still, the reality is sobering: only about 66 percent of U.S. adults were using antivirus software in 2025. That leaves a sizable chunk of users exposed.
What’s perhaps most frustrating is how long it took to shut this down. After Fowler reported the database to the hosting provider, nearly a month went by before the provider finally took it offline. During that window, the number of compromised records kept climbing.