A massive database containing nearly 149 million compromised login credentials, including a projected 48 million Gmail usernames and passwords, has been exposed.
As per cybersecurity researcher Jeremiah Fowler, the database that was not password-protected or encrypted, contained nearly 96GB of raw credential data.
Fowlers stated the exposed details are a compilation of credentials collected from past data breaches and infostealer malware logs, instead of the result of a new breach targeting Gmail and other services.
Infostealer malware infected personal devices and records user inputs like passwords and usernames.
Alongside Gmail accounts, the leaked database reportedly included credentials associated with Yahoo, Instagram, Netflix, Facebook, and Outlook, and logins for government, streaming services and banking.
The database was taken offline after over a month of efforts to have it removed.
As per cybersecurity experts, some datasets are highly valuable to criminals, as they can be used for credential-stuffing attacks, where stolen login information is reused across several platforms.
Moreover, experts mentioned that the database seems to be increasing, indicating the malware responsible may still be active.
The Alphabet-owned Google confirmed that it is aware of the reports and stated the exposed data represents aggregated infostealer logs collected over time.
Google stated that it has automated systems that identify compromised credentials, lock affected accounts and force password resets.
Security experts recommend that users change passwords, avoid reusing credentials across services, enable two-factor authentication, and consider using password managers or passkeys to reduce risk.
