"About any type of account imaginable" — 149 million usernames and passwords exposed, and it's way more than just Outlook, OnlyFans, and Gmail

Social media, streaming, financial, and dating sites are all part of the enormous 96GB breach.

A 96GB database containing more than 149 million logins and passwords was recently discovered by respected cybersecurity researcher Jeremiah Fowler. The findings, which ExpressVPN published in its research blog, lay out Fowler's findings in detail.

The data, which was openly accessible to anyone who knew where to find it, was full of usernames and passwords from people all over the world. Estimates place email credentials at the top of the list of leaks, with Gmail alone taking up 48 million entries. Outlook is on the list with 1.5 million leaks. Yahoo, iCloud, and .edu addresses make up more than 6 million leaks.

Fowler lists Facebook, Instagram, TikTok, OnlyFans, HBO Max, Disney+, Roblox, Binance, and X (aka Twitter) as other notable accounts discovered in the exposed database.

It gets worse. Financial accounts, including crypto wallets, banking, and credit card credentials, were also spotted in the limited sample that Fowler viewed. The presence of .gov domain credentials from "numerous countries" has Fowler concerned about national and public safety; this sort of info can be used as an entry into protected government networking.

That's a wide enough swath that practically anyone plugged into the internet could be exposed. Here's a quick estimation of Fowler's findings:

• Gmail — 48 million
• Yahoo — 4 million
• Outlook — 1.5 million
• .edu — 1.4 million
• iCloud — 900,000
• Facebook — 17 million
• Instagram — 6.5 million
• Netflix — 3.4 million
• Binance — 420,000
• OnlyFans — 100,000