![](\"https:\/\/s3.cointelegraph.com\/uploads\/2026-01\/019bfa12-2a47-7c07-98ef-b51ef8092b63.jpg\" "\\"\\"\/")
<\/p>\nA cybersecurity researcher has uncovered a massive, publicly accessible database containing millions of stolen login credentials harvested from malware-infected personal devices, including accounts linked to major social media platforms and the crypto exchange Binance. The dataset, which was discovered by cybersecurity researcher Jeremiah Fowler, contained around 149 million usernames and passwords from personal phones and computers, according to a Friday blog post published on ExpressVPN.<\/p>\n
The records were tied to services including Facebook, Instagram, Netflix, and Binance, with at least 420,000 credentials associated with Binance users. The leak contained 48 million Gmail accounts, four million Yahoo accounts, 17 million Facebook accounts, 6.5 million Instagram accounts, 3.4 million Netflix accounts, and 780,000 TikTok accounts, among others. This highlights the severity of the issue, as these credentials can be used for various malicious activities, including phishing attacks and identity theft.<\/p>\n
\u201cThis is not the first dataset of this kind I have discovered, and it only highlights the global threat posed by credential-stealing malware,\u201d said Fowler in the blog post. \u201cFinancial services accounts, crypto wallets or trading accounts, banking, and credit card logins also appeared in the limited sample of records I reviewed,\u201d he added. The researcher also noted a concerning number of credentials associated with government-linked accounts and.gov domains, which open the door to phishing attacks, potentially allowing attackers to impersonate government agencies.<\/p>\n
The 94-gigabyte infostealer data set uncovered by researcher Jeremiah Fowler is a significant concern for users, as it can be used for various malicious activities. The researcher’s findings emphasize the importance of using strong passwords, enabling two-factor authentication, and keeping devices and software up to date to prevent such attacks.<\/p>\n
Security experts stressed that the exposure does not indicate a breach of Binance\u2019s internal systems. Instead, the credentials were collected through so-called \u201cinfostealer\u201d malware that silently extracts saved logins from compromised devices. \u201cInfostealer is a known malware variant that steals user credentials when the users\u2019 devices are compromised. Those are not leaks from Binance,\u201d a spokesperson for Binance told Cointelegraph.<\/p>\n
The incident signals a data leak on the end-user devices, not a breach to the exchange\u2019s core systems, Deddy Lavid, the CEO of blockchain cybersecurity company Cyvers, told Cointelegraph. This highlights why the industry is shifting toward prevention-first security models that can detect and stop suspicious activity before funds are moved, alongside strong user hygiene such as hardware-based MFA and secure password practices.<\/p>\n
Cybersecurity firm Kaspersky first reported on the threat of the new infostealer malware in December 2025, which disguises itself as a game cheat or mod, targeting cryptocurrency wallets and browser extensions. Discovered in November, attackers use this malware to hijack accounts, steal cryptocurrency, and install crypto miners on the victims\u2019 computers, which are masked as video game cracks or mods, particularly for Roblox.<\/p>\n
<\/p>\n
A fake website pretending to offer Roblox scripts, Source: Kaspersky. Built on the Chromium and Gecko engines, the malware\u2019s dangers extend to over 100 browsers, including the most popular ones such as Chrome, Firefox, Opera, Yandex, Edge, and Brave. The malware also targeted the users of at least 80 cryptocurrency exchanges, including Binance, Coinbase, Crypto.com, SafePal, Trust Wallet, MetaMask, Ton, Phantom, Nexus, and Exodus.<\/p>\n
To avoid falling victim to infostealers, users should run a reliable antivirus on their computers and keep an updated security and operating system on their mobile devices, Fowler said. It is essential for users to be aware of the risks associated with infostealers and take necessary precautions to protect their devices and accounts.<\/p>\n