Researcher Uncovers 96-GB Public Database Holding 149 M Stolen Credentials
On 24 Jan 2026, security analyst Jeremiah Fowler located—and after a month persuaded the host to remove—an unprotected cloud repository containing 149,404,754 previously stolen usernames and passwords.
Focusing Facts
- The exposed archive totaled 96 GB and listed 149.4 million unique logins with URLs for automated sign-in attempts.
- Roughly 48 million of the records were Gmail credentials, far outstripping the next-largest set (17 million Facebook logins).
- The dataset kept growing during the month-long disclosure window, indicating active infostealer malware was still feeding it.
Context
This incident echoes past "credential dump" milestones such as 2019’s 773 M-record Collection #1 and the 2014 Yahoo mega-breach, but differs in that it exposed the criminals’ own aggregation hub rather than a victim company’s servers. It underscores two long arcs: the industrialisation of infostealer-as-a-service (cheap, automated, global) and the gradual obsolescence of the single-password model in favour of hardware-bound passkeys and multifactor logins. On a century scale, the episode is a footnote—no new hack occurred—but it demonstrates how secondary crimeware markets now threaten state and personal security alike; leaking even the thieves’ stockpiles accelerates the push toward credential-less authentication, much as 19th-century bank robberies spurred safe-manufacturing standards.
Perspectives
Local tabloid-style consumer news outlets
e.g., Birmingham Mail, Rolling Out — Frame the discovery as an immediate, large-scale danger to ordinary users, urging 149 million Gmail owners to act right away or face likely account takeovers. Headlines and copy lean on dramatic, fear-based language that can boost clicks and reader engagement, exaggerating the novelty of the leak even though sources note it is an aggregated dump.
Tech-focused business media
e.g., Forbes, Helsinki Times — Present the dump as a compilation of older infostealer logs rather than a fresh breach, stressing that users should stay calm and follow standard security hygiene. By foregrounding Google’s reassurance and expert nuance, the coverage can appear to downplay urgency, aligning with industry relations and a measured, insider tone that may understate consumer risk.
Indian & South Asian financial news outlets
e.g., Economic Times, Mint — Emphasise the sheer scale of 149 million exposed credentials and spotlight risks to government (.gov) accounts and potential national-security fallout. Rely heavily on a single ExpressVPN/Fowler report without additional verification, which can inflate perceived threat levels and attract regional readership concerned about cyber-sovereignty.