Brooke Davies
Published January 24, 2026 3:29pm
Updated January 24, 2026 3:41pm
Share this article via whatsappShare this article via xCopy the link to this article.Link is copiedShare this article via facebook
Comment now
Comments
The full database contains 149 million compromised credentials (Picture: imageBROKER/Shutterstock)
Some 48 million Gmail usernames and passwords have been leaked in a criminal database.
The full database contains 149 million compromised credentials, including 17 million Facebook accounts, 6.5 million Instagram accounts, and 4 million Yahoo usernames and passwords.
It was publicly available for one whole month before security researcher Jeremiah Fowler was able to get it taken down.
He said: ‘The publicly exposed database was not password-protected or encrypted.
‘I saw thousands of files that included emails, usernames, passwords, and the URL links to the login or authorization for the accounts.’
The database most likely contains information from past breaches, rather than all the data being newly leaked.
According to Fowler, here is the total number of accounts leaked.
- Gmail – 48 million
- Facebook – 17 million
- Instagram – 6.5 million
- Yahoo – 4 million
- Netflix – 3.4 million
- Outlook – 1.5 million
The leaked accounts were publicly available for one whole month before security researcher Jeremiah Fowler was able to get it taken down (Picture: Getty Images)
Google told Forbes: ‘We are aware of reports regarding a dataset containing a wide range of credentials, including some from Gmail.
‘This data represents a compilation of ‘infostealer’ logs—credentials harvested from personal devices by third-party malware—that have been aggregated over time.
‘We continuously monitor for this type of external activity and have automated protections in place that lock accounts and force password resets when we identify exposed credentials.’
How to check if your Gmail account leaked
You can check whether the details for any accounts you might have were shared in the data breaches collated by Have I Been Pwned.
To do so, navigate to their website and enter your email address.
This will not only show whether the email account itself was compromised but also any website or app accounts created using that email address.
The compromised details can include email addresses, passwords and other details such as your name and locations linked to the account.
What to do if your username or password has been leaked
If your email address gives any hits, you should firstly check the date of the breach and what types of information were leaked.
More Trending
-
Amazon Fire TV device will stop working in weeks
Channel: Tech Tech 4 days ago By Josh Milton - YouTube AI is mass-banning channels - and rejecting appeals 'within minutes'
- 'See-through bikini loophole meant Grok AI generated images of my genitalia'
- 'Trolls asked Elon Musk's Grok AI to undress me - and to my horror it did'
If it says passwords were also leaked in that breach, and you have not changed your password since the breach occurred, then you should change your password as soon as possible.
When you go to change the password, you should also ensure that the account’s recovery email address remains your own.
Otherwise, a hacker may have changed it to an account which they have access to, allowing them to reset the password and gain access to the account again.
If a password you’ve used shows up on Pwned Passwords, their advice is to ‘change it immediately’.
Get in touch with our news team by emailing us at [email protected].
For more stories like this, check our news page.
Arrow MORE: Arc Raiders fans are review bombing an Italian hotel for the weirdest reason
Arrow MORE: Do you live in a heartbreak hotspot? The UK towns where residents are unluckiest in love
Arrow MORE: A ‘wonky holiday’ could save you serious cash — here’s how to book one
Comment now Comments Add Metro as a Preferred Source on Google Add as preferred source News UpdatesStay on top of the headlines with daily email updates.
Email I agree to receive newsletters from Metro I agree to receive newsletters from Metro Sign UpSign UpThis site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Your information will be used in line with our Privacy Policy