{"id":429455,"date":"2026-01-24T04:04:18","date_gmt":"2026-01-24T04:04:18","guid":{"rendered":"https:\/\/www.newsbeep.com\/ca\/429455\/"},"modified":"2026-01-24T04:04:18","modified_gmt":"2026-01-24T04:04:18","slug":"48-million-gmail-usernames-and-passwords-leaked-online-again","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/ca\/429455\/","title":{"rendered":"48 Million Gmail Usernames And Passwords Leaked Online Again"},"content":{"rendered":"<p><img decoding=\"async\" class=\" top-image\" src=\"https:\/\/www.newsbeep.com\/ca\/wp-content\/uploads\/2026\/01\/1769227458_917_0x0.jpg\" alt=\"Gmail logo displayed on smartphone.\" data-height=\"1723\" data-width=\"2585\" fetchpriority=\"high\" style=\"position:absolute;top:0\"\/><\/p>\n<p>48 million Gmail login credentials exposed in massive leak.<\/p>\n<p>SOPA Images\/LightRocket via Getty Images<\/p>\n<p>A highly respected veteran security researcher has confirmed that a database of 149 million compromised credentials, including those for an estimated 48 million Gmail accounts, has been leaked online. \u201cThe publicly exposed database was not password-protected or encrypted,\u201d Jeremiah Fowler said, adding that the database of unique logins and passwords totalled \u201ca massive 96 GB of raw credential data.\u201d Here\u2019s what we know so far, and what action you need to take.<\/p>\n<p><a class=\"embed-base color-body color-body-border link-embed embed-1\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2026\/01\/22\/lastpass-issues-critical-warning-for-users---password-attacks-underway\/\" target=\"_blank\" aria-label=\"LastPass Issues Critical Warning For Users \u2014 Password Attacks Underway\" data-ga-track=\"forbesEmbedly:https:\/\/www.forbes.com\/sites\/daveywinder\/2026\/01\/22\/lastpass-issues-critical-warning-for-users---password-attacks-underway\/\" rel=\"nofollow noopener\">ForbesLastPass Issues Critical Warning For Users \u2014 Password Attacks UnderwayBy Davey Winder<\/a>149 Million Login Credentials Exposed In Leak \u2014 Including An Estimated 48 Million Gmail Accounts<\/p>\n<p>It\u2019s not been the greatest start to a new year when it comes to password security. The LastPass password manager has <a class=\"color-link\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2026\/01\/22\/lastpass-issues-critical-warning-for-users---password-attacks-underway\/\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/daveywinder\/2026\/01\/22\/lastpass-issues-critical-warning-for-users---password-attacks-underway\/\" target=\"_self\" aria-label=\"issued a warning\" rel=\"nofollow noopener\">issued a warning<\/a> for millions of users as attacks have been confirmed as underway, <a class=\"color-link\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2026\/01\/16\/12-billion-linkedin-users-put-on-alert-after-policy-violation-attacks\/\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/daveywinder\/2026\/01\/16\/12-billion-linkedin-users-put-on-alert-after-policy-violation-attacks\/\" target=\"_self\" aria-label=\"LinkedIn users\" rel=\"nofollow noopener\">LinkedIn users<\/a> are alsoon alert as policy violation scammers target account passwords, and now comes the breaking news that a whopping great 149 million compromised credentials have been exposed online in an unprotected database.<\/p>\n<p>According to cybersecurity researcher Jeremiah Fowler, who uncovered the leaked database and has published <a class=\"color-link\" href=\"https:\/\/www.expressvpn.com\/blog\/149m-infostealer-data-exposed\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/www.expressvpn.com\/blog\/149m-infostealer-data-exposed\/\" aria-label=\"a report\">a report<\/a> sharing his findings, the database contained a total of 149,404,754 unique logins and password.<\/p>\n<p>It should be noted that this is not a new breach of the services involved, and most likely is a database made up of data from <a class=\"color-link\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2025\/10\/28\/gmail-passwords-confirmed-as-part-of-183-million-account-data-breach\/\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/daveywinder\/2025\/10\/28\/gmail-passwords-confirmed-as-part-of-183-million-account-data-breach\/\" target=\"_self\" aria-label=\"past breaches and infostealer logs\" rel=\"nofollow noopener\">past breaches and infostealer logs<\/a>.<\/p>\n<p>\u201cI saw thousands of files that included emails, usernames, passwords, and the URL links to the login or authorization for the accounts,\u201d Fowler has confirmed, adding that the database illustrates that cybercriminals themselves are \u201cnot immune to data breaches.\u201d<\/p>\n<p>Fowler has estimated the number of accounts for major services that had their compromised credentials included in the leaked database, with the most, by a long chalk, seemingly belonging to Gmail users.<\/p>\n<p>Here are the totals provided by Fowler, in order of volume:<\/p>\n<p>Gmail &#8211; 48 millionFacebook &#8211; 17 millionInstagram &#8211; 6.5 millionYahoo &#8211; 4 millionNetflix &#8211; 3.4 millionOutlook &#8211; 1.5 million<\/p>\n<p>The good news is that the database is no longer available online, although it took more than a month for Fowler to get it taken down.<\/p>\n<p>Matt Conlon, CEO of Cytidel, has called it a treasure trove for anyone with malicious intent. \u201cInfo stealers have seen a significant rise in prevalence over the past few years,\u201d Conlon said, \u201cand a data breach like this highlights just how widespread this issue is.\u201d<\/p>\n<p>Meanwhile, Boris Cipot, a senior security engineer at Black Duck, said that \u201cthere is no way to know how much damage or data leakage occurred before it was removed,\u201d adding that \u201cthe database also contained logins for government, banking, and streaming services, making it a highly valuable target for cybercriminals.\u201d<\/p>\n<p>I reached out to my contacts at Google and Gmail for a statement and a spokesperson told me: &#8220;We are aware of reports regarding a dataset containing a wide range of credentials, including some from Gmail. This data represents a compilation of &#8216;infostealer\u2019 logs\u2014credentials harvested from personal devices by third-party malware\u2014that have been aggregated over time. We continuously monitor for this type of external activity and have automated protections in place that lock accounts and force password resets when we identify exposed credentials.&#8221; <\/p>\n<p>So, to reiterate, this is not a new breach, it impacts multiple services, and is most likely a compilation of existing compromised credentials. Gmail just happens to be the one that is featured most, by some margin, within it. So don\u2019t panic, but do ensure you have unique passwords and ideally make use of the Google passkey function instead.<\/p>\n<p><a class=\"embed-base color-body color-body-border link-embed embed-2\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2026\/01\/16\/facebook-password-warning-for-3-billion-users-as-attacks-surge\/\" target=\"_blank\" aria-label=\"New Facebook Warning For 3 Billion Users After Password Attacks\" data-ga-track=\"forbesEmbedly:https:\/\/www.forbes.com\/sites\/daveywinder\/2026\/01\/16\/facebook-password-warning-for-3-billion-users-as-attacks-surge\/\" rel=\"nofollow noopener\">ForbesNew Facebook Warning For 3 Billion Users After Password AttacksBy Davey Winder<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"48 million Gmail login credentials exposed in massive leak. SOPA Images\/LightRocket via Getty Images A highly respected veteran&hellip;\n","protected":false},"author":2,"featured_media":224487,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[49,48,178966,178965,178961,26111,178962,178960,178964,178963,178967,61],"class_list":{"0":"post-429455","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-ca","9":"tag-canada","10":"tag-credentials-leaked","11":"tag-expressvpn","12":"tag-gmail-login","13":"tag-gmail-password","14":"tag-gmail-password-leak","15":"tag-gmailleak","16":"tag-has-gmail-been-hacked","17":"tag-has-my-gmail-password-been-hacked","18":"tag-password","19":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts\/429455","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/comments?post=429455"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts\/429455\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/media\/224487"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/media?parent=429455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/categories?post=429455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/tags?post=429455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}