Technology & Science

Researcher Uncovers 96-GB Public Database Holding 149 M Stolen Credentials

On 24 Jan 2026, security analyst Jeremiah Fowler located—and after a month persuaded the host to remove—an unprotected cloud repository containing 149,404,754 previously stolen usernames and passwords.

By Priya CastellanoJanuary 25, 2026

Focusing Facts

The exposed archive totaled 96 GB and listed 149.4 million unique logins with URLs for automated sign-in attempts.
Roughly 48 million of the records were Gmail credentials, far outstripping the next-largest set (17 million Facebook logins).
The dataset kept growing during the month-long disclosure window, indicating active infostealer malware was still feeding it.

This incident echoes past "credential dump" milestones such as 2019’s 773 M-record Collection #1 and the 2014 Yahoo mega-breach, but differs in that it exposed the criminals’ own aggregation hub rather than a victim company’s servers. It underscores two long arcs: the industrialisation of infostealer-as-a-service (cheap, automated, global) and the gradual obsolescence of the single password model in favour of hardware-bound passkeys and multifactor logins. On a century scale, the episode is a footnote—no new hack occurred—but it demonstrates how secondary crimeware markets now threaten state and personal security alike; leaking even the thieves’ stockpiles accelerates the push toward credential-less authentication much as 19th-century bank robberies spurred safe-manufacturing standards.

You've read the facts. The perspectives are behind this line.

Perspectives in this article

Local tabloid-style consumer news outlets
Tech-focused business media
Indian & South Asian financial news outlets

Focusing Facts

You've read the facts. The perspectives are behind this line.

Perspectives in this article

Related Stories