A cybersecurity researcher has uncovered a massive, publicly accessible database containing millions of stolen login credentials harvested from malware-infected personal devices, including accounts linked to major social media platforms and the crypto exchange Binance. The dataset, which was discovered by cybersecurity researcher Jeremiah Fowler, contained around 149 million usernames and passwords from personal phones and computers, according to a Friday blog post published on ExpressVPN.
The records were tied to services including Facebook, Instagram, Netflix, and Binance, with at least 420,000 credentials associated with Binance users. The leak contained 48 million Gmail accounts, four million Yahoo accounts, 17 million Facebook accounts, 6.5 million Instagram accounts, 3.4 million Netflix accounts, and 780,000 TikTok accounts, among others. This highlights the severity of the issue, as these credentials can be used for various malicious activities, including phishing attacks and identity theft.
“This is not the first dataset of this kind I have discovered, and it only highlights the global threat posed by credential-stealing malware,” said Fowler in the blog post. “Financial services accounts, crypto wallets or trading accounts, banking, and credit card logins also appeared in the limited sample of records I reviewed,” he added. The researcher also noted a concerning number of credentials associated with government-linked accounts and.gov domains, which open the door to phishing attacks, potentially allowing attackers to impersonate government agencies.
The 94-gigabyte infostealer data set uncovered by researcher Jeremiah Fowler is a significant concern for users, as it can be used for various malicious activities. The researcher’s findings emphasize the importance of using strong passwords, enabling two-factor authentication, and keeping devices and software up to date to prevent such attacks.
Credential Theft and Its Implications
Security experts stressed that the exposure does not indicate a breach of Binance’s internal systems. Instead, the credentials were collected through so-called “infostealer” malware that silently extracts saved logins from compromised devices. “Infostealer is a known malware variant that steals user credentials when the users’ devices are compromised. Those are not leaks from Binance,” a spokesperson for Binance told Cointelegraph.
The incident signals a data leak on the end-user devices, not a breach to the exchange’s core systems, Deddy Lavid, the CEO of blockchain cybersecurity company Cyvers, told Cointelegraph. This highlights why the industry is shifting toward prevention-first security models that can detect and stop suspicious activity before funds are moved, alongside strong user hygiene such as hardware-based MFA and secure password practices.
Infostealer Malware: A Growing Threat
Cybersecurity firm Kaspersky first reported on the threat of the new infostealer malware in December 2025, which disguises itself as a game cheat or mod, targeting cryptocurrency wallets and browser extensions. Discovered in November, attackers use this malware to hijack accounts, steal cryptocurrency, and install crypto miners on the victims’ computers, which are masked as video game cracks or mods, particularly for Roblox.
A fake website pretending to offer Roblox scripts, Source: Kaspersky. Built on the Chromium and Gecko engines, the malware’s dangers extend to over 100 browsers, including the most popular ones such as Chrome, Firefox, Opera, Yandex, Edge, and Brave. The malware also targeted the users of at least 80 cryptocurrency exchanges, including Binance, Coinbase, Crypto.com, SafePal, Trust Wallet, MetaMask, Ton, Phantom, Nexus, and Exodus.
Protecting Against Infostealers
To avoid falling victim to infostealers, users should run a reliable antivirus on their computers and keep an updated security and operating system on their mobile devices, Fowler said. It is essential for users to be aware of the risks associated with infostealers and take necessary precautions to protect their devices and accounts.
For more information on this topic, you can visit Here
Smart Tip for Readers
To protect yourself from infostealer malware, make sure to use unique and complex passwords for all your accounts, and enable two-factor authentication whenever possible. Regularly update your devices and software to ensure you have the latest security patches and features.
