A massive database containing roughly 149 million usernames and passwords was discovered on an openly accessible server. The leak includes credentials for major services such as Gmail, Facebook, Instagram, TikTok, Netflix, iCloud and more, with a notable number of Swedish email addresses and phone numbers exposed. Users must act quickly to protect their accounts.
What Happened
The compromised files have been publicly reachable since at least yesterday, though the exact source of the breach remains unclear. Analysis shows the collection holds about 149 million credential pairs, making it one of the largest publicly available dumps.
Scope of the Leak
- Gmail: 48 million accounts
- Facebook: 17 million accounts
- Instagram: 6.5 million accounts
- Yahoo: 4 million accounts
- Netflix: 3.4 million accounts
- Outlook: 1.5 million accounts
- .edu domains: 1.4 million accounts
- iCloud: 900 000 accounts
- TikTok: 780 000 accounts
- Binance: 420 000 accounts
- OnlyFans: 100 000 accounts
Background on Large‑Scale Breaches
Data breaches of this magnitude are rare but not unprecedented. Previous public dumps have gathered hundreds of millions of email‑password combinations, yet this leak is unique because it requires no authentication or payment to access, dramatically increasing the risk of automated credential‑stuffing attacks.
Impact on Swedish Users
Swedish internet users are among those affected, with many accounts tied to local email domains and phone numbers. The exposure raises the likelihood of unauthorized access across multiple platforms.
Recommended Security Actions
- Change passwords for every service listed, especially if the same password was reused.
- Enable two‑factor authentication (2FA) wherever possible to add an extra protection layer.
- Monitor account activity for unfamiliar logins or sudden changes in settings.
- Use a password manager to generate and store unique, strong passwords for each service.
- Stay vigilant against phishing attempts that may exploit the leak to trick users into revealing more information.
Future Outlook
The incident highlights the growing challenge of safeguarding digital identities in an era where stolen data is traded on the black market at scale. While companies can quickly reset compromised accounts and add extra safeguards, long‑term protection depends on better user education, stronger authentication methods, and proactive security policies from both providers and regulators.
