By Jenny Leight, Business Strategy, Carefull
A major online credential leak has put millions of people’s accounts at risk, and this could directly affect your member’s digital, identity, and financial security if any of their email or account passwords were involved.
Here’s what you need to know.
Cybersecurity researcher Jeremiah Fowler discovered a publicly accessible, unsecured database containing about 149 million usernames and passwords.
The database was unencrypted and open on the web with no password protection, meaning anyone who found it could view the data.
This wasn’t a breach of a single company’s systems. Instead, the information came from personal computers and phones that had been infected with harmful software. That harmful software quietly collected saved login information without people realizing it.
The stolen data included emails, usernames, passwords, and URLs where those credentials could be used. This kind of exposure is especially concerning because criminals can take real usernames and passwords and try them on other websites, especially if the same password is used in more than one place.
Security researchers shared estimates showing which accounts appeared most frequently in the exposed database. These numbers represent how many usernames and passwords were found for each service:
48 million – Gmail
17 million – Facebook
6.5 million – Instagram
4 million – Yahoo Mail
3.4 million – Netflix
1.5 million – Outlook
1.4 million – .edu (school and university email accounts)
900,000 – iCloud Mail
780,000 – TikTok
420,000 – Binance (cryptocurrency accounts)
100,000 – OnlyFans
If you use any of these services, especially email, your account may be at higher risk – particularly if you:
Reuse the same password in more than one place
Save passwords on your computer or phone
Haven’t changed passwords in a long time
Email accounts are especially important to protect, because they can be used to reset passwords for banks, shopping sites, and other personal accounts.
Change passwords for important accounts, starting with email and financial accounts
Use different passwords for different websites
Watch for unusual emails, login alerts, or activity you don’t recognize
If this feels overwhelming, you’re not alone and you don’t have to figure it out by yourself. Carefull can help monitor for unusual activity and guide you through next steps, calmly and step-by-step.
Connect with Carefull to learn more.