48 million Gmail passwords compromised, security experts urge immediate action

A staggering database containing 149 million stolen usernames and passwords was exposed online.

The leak was traced and confirmed by cybersecurity researcher Jeremiah Fowler.

The stolen logins included an estimated 48 million Gmail credentials, alongside millions from Facebook, Instagram, Yahoo, Netflix and financial institutions, as reported by Forbes.

The unprotected 96GB database was publicly accessible without a password, containing raw credential data harvested by “infostealer” malware from an infected personal device.

The sources also confirmed that this is not a new breach but rather a compilation of data aggregated from past incidents.

Fowler stated, “I saw thousands of files that included emails, usernames, passwords, and the URL links to the login.”

There were also credentials for .gov domains that raised national security concerns.

Google confirmed the leaked dataset, stating it shows aggregated infostealer logs.

To protect user data going forward, the company said it has automated protections that lock accounts and require password resets when exposed credentials are identified.

How to protect my Google account?

To protect your account, users are urged to enable two-factor authentication, use unique passwords, enable passkeys, and ensure that devices are updated with anti-virus software.