• Send Us A Tip
  • Calling all Tech Writers
  • Advertise
Sunday, July 5, 2026
  • Login
TechStory
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
TechStory
No Result
View All Result
Home News

149 Million Logins Exposed in Massive ‘Infostealer’ Breach

by Anindya Paul
January 25, 2026
in News
Reading Time: 4 mins read
0
database

Source: ET Edge Insights

TwitterWhatsappLinkedin

The vast database that was recently released to the public will serve as a stark reminder about how tenuous our digital privacy can be. A huge database of almost 150 million user accounts has been found to be available without encryption of any kind over the internet, containing highly sensitive credentials for everything from Binance wallets to Disney+. Anyone with internet access could merely browse through the accounts of millions of individuals. Cybersecurity researcher Jeremiah Fowler and his partner ExpressVPN discovered the database that they characterised as having “massive” potential ramifications for the security field, due to the sheer number of account credentials within this location. The collection of account credentials is 96GB in size and contained 149,404,754 unique account credentials. Furthermore, the data was not posted on any Dark Web sites for the purpose of financial gain, nor protected by any type of password security; thus users are at increased risk due to the unencrypted data being available on an unsecure server.

You might also like

Uber Pauses Europe Expansion Plans as It Chases €12 Billion Delivery Hero Takeover

US DOJ Tells Judge Adani Indictment Was Legally Flawed And Should Never Have Been Filed, Demands Permanent Dismissal

CBI Arrests Reliance Capital’s Former CFO Amit Bapna From Tihar Jail In ₹9,280 Crore Loan Diversion Case

The Scale of the Spill

The data quantity indicates that this was an intentional, industrial level activity. In addition, the database did not simply contain random text files, but had been built as a well-organized collection of stolen identity’s. As indicated in Fowler’s analysis, the leak affected users throughout almost all parts of the internet (i.e., 17 million facebook accounts, 6.5 million Instagram profiles, 48 million Gmail addresses, and so forth).

For the cryptocurrency sector, the numbers are particularly alarming. The database contained login details for roughly 420,000 Binance accounts. Exposing approximately 500,000 (500K) trading accounts is an enormous risk factor since in this industry, access generally equals permanent financial loss. In addition to the financial consequences of the leaked information, this leak exposed what is being referred to as the “everything store” of the Internet: 3.4 million Netflix (NFX) accounts, 780,000 TikTok (TKTK) accounts, and Roblox (RBLX) accounts. Additionally, this has made young users susceptible to being exploited.

A “Host Reversed” Signature

The forensic evidence that the attackers left behind makes this breach distinct from others. Fowler pointed out that they stored the data in a certain technical format called a “host-reversed path.” This means that they stored the data in a way that allowed them to reverse-engineer the site, so the names of sites that were stolen would not conflict with one another and could not be found easily by automated repository searches. Therefore, if a hacker were to steal someone’s Facebook password and then reverse the site name to com.Facebook.login before storing the data, the data wouldn’t be found during searches for Facebook login entries.

The organizing method and the creation of original “line hashes” for every record indicates that someone has used very advanced malware called “Infostealer.” Unlike most viruses that can make a system crash and alter the components of the operating system, Infostealers run in the background and record keystrokes and store passwords that are saved in web browsers. In fact, Infostealers act as a parasite and give the malicious actor who created the Infostealer access to the user’s credentials and a database that stores those credentials.

National Security Implications

The most troubling aspect of this leak is the government-related data that was exposed. The data included logins from many different countries with a [dot]gov domain. While there is no definitive evidence that these logins provide access to classified government systems, there is a serious threat to national security if malicious actors use legitimate government email addresses to launch spear-phishing attacks against individuals and organizations.

“Exposed government credentials could be potentially used for targeted spear-phishing, impersonation, or as an entry point into government networks,” Fowler warned in his report. The potential for state-sponsored actors to weaponize this data against public infrastructure cannot be overstated.

A Month of Vulnerability

The timeline of the exposure raises another concern altogether. Fowler identified a database and contacted the hosting service to alert them about the potential risks (the hosting service acknowledged the risk). It took the hosting service nearly a month to disable the server hosting the database. In the meantime, activity from malware networks continued and new victims’ data was continually added to the database, causing it to grow in size.

It is currently impossible to identify who owns the database because the hosting service has not disclosed who is paying for it, and it is also unclear whether the cybercriminals collecting the victim’s information were operating for personal profit or whether they were acting on behalf of a broker selling that information.

The Silent Threat

This incident highlights the increasing threat from infostealer malware in 2026. Security[dot]org published a report in October 2022 which stated that in 2025, 66% of Americans engaged with antivirus software; however, this also indicates that a large segment of Americans still do not have any level of protection against these types of attacks. With cybercrime costs hitting an estimated $16.6 billion annually, the gap in personal cybersecurity hygiene is proving expensive.

Experts advise that simply changing passwords is no longer enough. If a device is infected with an infostealer, the new password is stolen the moment it is typed. The only effective defense is a “scorched earth” approach: running a comprehensive antivirus scan to remove the malware entirely before resetting any credentials. As this latest breach proves, in the digital age, what you don’t know can definitely hurt you.

Tweet55SendShare15
Previous Post

Software Giant Autodesk Trims 7% Staff to Fuel Future AI Ambitions

Next Post

Coinbase CEO Reveals Banks’ Private Panic at Davos

Anindya Paul

Professional content creator with strong expertise in content writing, filmmaking and social media strategy. Skilled in digital storytelling, scriptwriting, video production, sound design and graphic design - crafting compelling narratives across platforms. Known for delivering high-quality, engaging content under tight deadlines. A collaborative team player with a sharp creative instinct, adaptability to evolving trends, and a focus on impactful, results-driven communication.

Recommended For You

Uber Pauses Europe Expansion Plans as It Chases €12 Billion Delivery Hero Takeover

by Rounak Majumdar
July 5, 2026
0
Uber Pauses Europe Expansion Plans as It Chases €12 Billion Delivery Hero Takeover

Uber has quietly shelved the majority of its headline-grabbing European food delivery expansion, just months after announcing it with considerable fanfare. The Financial Times reported on Sunday that...

Read more

US DOJ Tells Judge Adani Indictment Was Legally Flawed And Should Never Have Been Filed, Demands Permanent Dismissal

by Rounak Majumdar
July 5, 2026
0
US DOJ Tells Judge Adani Indictment Was Legally Flawed And Should Never Have Been Filed, Demands Permanent Dismissal

The US Department of Justice has done something extraordinary: it has come into a federal courtroom and told the judge that its former administration was wrong to prosecute....

Read more

CBI Arrests Reliance Capital’s Former CFO Amit Bapna From Tihar Jail In ₹9,280 Crore Loan Diversion Case

by Rounak Majumdar
July 5, 2026
0
CBI Arrests Reliance Capital's Former CFO Amit Bapna From Tihar Jail In ₹9,280 Crore Loan Diversion Case

The Central Bureau of Investigation has added another name to the growing list of arrests in the Reliance ADA Group fraud investigation. The CBI arrested Amit Bapna, former...

Read more
Next Post
Armstrong

Coinbase CEO Reveals Banks' Private Panic at Davos

Please login to join discussion

Techstory

Tech and Business News from around the world. Follow along for latest in the world of Tech, AI, Crypto, EVs, Business Personalities and more.
reach us at info@techstory.in

Advertise With Us

Reach out at - info@techstory.in

Aviator Game India 2026

BROWSE BY TAG

#Crypto #howto 2024 acquisition AI amazon Apple Artificial Intelligence bitcoin Business China cryptocurrency e-commerce electric vehicles Elon Musk Ethereum facebook funding Gaming Google India Instagram Investment ios iPhone IPO Market Markets Meta Microsoft News OpenAI samsung Social Media SpaceX startup startups tech technology Tesla TikTok trend trending twitter US

© 2025 Techstory.in

No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to

© 2025 Techstory.in

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?