A 149 million-record unsecured database of credentials was found online, exposing Gmail, Facebook and more. A gold mine for cyber-criminals.
Security researchers have uncovered an unsecured database containing 149 million usernames and passwords, a trove Wired described as a “dream wish list for criminals.” Freely accessible on the open internet, the database included credentials for major platforms such as Gmail, Facebook, and other popular services, representing one of the largest credential exposures in recent years.
The database lacked even basic protections — no encryption, authentication, or access controls — making the credentials instantly available to anyone who found it. Researchers quickly recognized the severity of the exposure, which reflects a catastrophic failure of fundamental cybersecurity practices and poses serious risks to millions of users across multiple platforms.
Rather than originating from a single breach, the database appears to be an aggregated collection of stolen credentials, likely compiled over years through phishing attacks, malware infections, and prior data breaches. Its scale makes it especially dangerous, as attackers can use the information in credential-stuffing attacks, testing the same login details across thousands of sites. Password reuse, still common despite years of warnings, dramatically amplifies the damage of exposures like this.
What sets this incident apart is not just its size, but its accessibility. Instead of being traded on underground marketplaces, the database was left openly exposed online — either through extreme negligence or deliberate recklessness. The discovery underscores a persistent reality of the digital age: stolen credentials remain one of the most valuable and enduring assets for cyber-criminals, while poor security practices continue to leave users vulnerable at massive scale.
Reports are sourced from official documents, law-enforcement updates, and credible investigations.
Discover additional reports, market trends, crime analysis and Harm Reduction articles on DarkDotWeb to stay informed about the latest dark web operations.
