Cybersecurity Researcher Jeremiah Fowler uncovered a data leak of 149 million logins and passwords, and shared his findings with ExpressVPN. We are publishing his report to help the public stay informed and protected as part of our ongoing effort to highlight important security risks.

The publicly exposed database was not password-protected or encrypted. It contained 149,404,754 unique logins and passwords, totaling a massive 96 GB of raw credential data. In a limited sampling of the exposed documents, I saw thousands of files that included emails, usernames, passwords, and the URL links to the login or authorization for the accounts. This is not the first dataset of this kind I have discovered and it only highlights the global threat posed by credential-stealing malware.

When data is collected, stolen, or harvested, it must be stored somewhere and a cloud-based repository is usually the best solution. This discovery also shows that even cybercriminals are not immune to data breaches. The database was publicly accessible, allowing anyone who discovered it to potentially access the credentials of millions of individuals.

The exposed records included usernames and passwords collected from victims around the world, spanning a wide range of commonly used online services and about any type of account imaginable. These ranged from social media platforms such as Facebook, Instagram, TikTok and X (formerly Twitter), as well as dating sites or apps, and OnlyFans accounts indicating login paths of both creators and customers. I also saw a large number of streaming and entertainment accounts, including Netflix, HBO Max, DisneyPlus, Roblox, and more. Financial services accounts, crypto wallets or trading accounts, banking and credit card logins also appeared in the limited sample of records I reviewed. One serious concern was the presence of credentials associated with .gov domains from numerous countries.
While not every government-linked account grants access to sensitive systems, even limited access could have serious implications depending on the role and permissions of the compromised user. Exposed government credentials could be potentially used for targeted spear-phishing, impersonation, or as an entry point into government networks. This increases the potential of .gov credentials posing national security and public safety risks.

The database had no associated ownership information so I reported it directly to the hosting provider via their online report abuse form. I received a reply several days later stating that they do not host the IP and it is a subsidiary that operates independently while still using the parent organization's name. It took nearly a month and multiple attempts before action was finally taken and the hosting was suspended and millions of stolen login credentials were no longer accessible. The hosting provider would not disclose any additional information regarding who managed the database. It is not known if the database was used for criminal activity or if this information was gathered for legitimate research purposes or how or why the database was publicly exposed. It is not known how long the database was exposed before I discovered and reported it or whether others may have gained access to it. One disturbing fact is that the number of records increased from the time I discovered the database until it was restricted and no longer available.

The database appeared to store keylogging and “infostealer” malware, a type of malicious software designed to silently harvest credentials from infected devices. These files were different from previous infostealer malware datasets that I have seen because they logged additional information. The records also included the “host_reversed path” formatted as (com.example.user.machine). This structure is used to create an easily indexable way to organize the stolen data by victim and source.
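For defenders checking whether their own domains appear in a dump indexed this way, the sketch below is an added example, not code from the report or from the exposed system. It shows how a rule that looks only for the standard domain format misses the host_reversed form, and how the line-hash document ID the report describes removes duplicate lines. The record layout, the watched domains and the use of SHA-256 are assumptions.

```python
import hashlib

# Assumption: placeholder domains a defender monitors; not taken from the report.
WATCHED = ("example.gov", "corp.example.com")

# Constructed records: "<host_reversed path>\t<login URL>"; no real data.
SAMPLE = [
    "gov.example.alice.ws01\thttps://portal.invalid/login",
    "gov.example.alice.ws01\thttps://portal.invalid/login",   # exact duplicate line
    "com.example.corp.bob.lt7\thttps://sso.invalid/auth",
    "gov.examplexyz.dave.pc2\thttps://shop.invalid/login",    # lookalike, must not match
]

def naive_match(line, watched=WATCHED):
    """Rule that only looks for the standard (forward) domain format."""
    return any(d in line.lower() for d in watched)

def match_watched(host_reversed, watched=WATCHED):
    """Compare label by label; return (domain, trailing labels) or None."""
    labels = host_reversed.lower().strip(".").split(".")
    best = None
    for domain in watched:
        prefix = domain.lower().split(".")[::-1]      # example.gov -> [gov, example]
        if labels[:len(prefix)] == prefix and (best is None or len(prefix) > len(best[1])):
            best = (domain, prefix)                   # keep the most specific match
    return None if best is None else (best[0], labels[len(best[1]):])

def line_id(line):
    # Assumption: SHA-256 of the trimmed line; the report does not name the hash used.
    return hashlib.sha256(line.strip().encode("utf-8")).hexdigest()

def triage(lines, watched=WATCHED):
    """Deduplicate by line hash, then flag records whose reversed host is watched."""
    seen, hits = set(), []
    for line in lines:
        doc_id = line_id(line)
        if doc_id in seen:
            continue
        seen.add(doc_id)
        hit = match_watched(line.split("\t", 1)[0], watched)
        if hit:
            hits.append({"id": doc_id, "domain": hit[0], "rest": hit[1]})
    return hits

if __name__ == "__main__":
    for h in triage(SAMPLE):
        print(h["id"][:12], h["domain"], ".".join(h["rest"]))
```

Matching on whole labels rather than substrings is what keeps the lookalike `gov.examplexyz` from being flagged as `example.gov`.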
Reversing the hostname can also help avoid directory conflicts or serve as an attempt to bypass basic detection rules that look for standard domain formats. The system used a line hash as the document ID to ensure one unique record per unique log line. In a limited search of these hash and document IDs it was identified that they were indeed unique and returned no duplicates.

The exposure of such a large number of unique logins and passwords presents a potentially serious security risk to a large number of individuals who may not know their information was stolen or exposed. Because the data includes emails, usernames, passwords, and the exact login URLs, criminals could potentially automate credential-stuffing attacks against exposed accounts including email, financial services, social networks, enterprise systems, and more. This dramatically increases the likelihood of fraud, potential identity theft, financial crimes, and phishing campaigns that could appear legitimate because they reference real accounts and services.

For more, visit Our Forum.

According to Cloudflare, the internet's second-largest content delivery network (CDN), global internet traffic grew nearly 20% in 2025. You and I watching more YouTube videos is not what's driving that growth. Much of this rise comes from bots, AI crawlers, and automated attacks rather than human users. At the same time, satellite connectivity, post-quantum encryption, and mobile-heavy use have reshaped how and where people access the internet.

Cloudflare's 2025 Radar Year in Review shows global internet traffic rising by about 19% year over year, with growth accelerating sharply from late summer through November. Behind that overall growth, non-human activity expanded even faster. A significant share of global traffic passing through Cloudflare's network was classified as bot traffic, including search crawlers, AI agents, and outright malicious automation.
In particular, AI bots are making life miserable for website owners as they strip-mine the net for large language model (LLM) data. Earlier this year, Cloudflare reported that 30% of global web traffic now comes from bots, with AI bots leading the way. These bots put tremendous pressure on websites, generating as many as 30 terabits of data requests in a single surge. That's high enough that the demands of AI bots amount to a Distributed Denial of Service (DDoS) attack.

As a result, AI became a central driver of internet traffic in 2025. As Cloudflare CEO and co-founder Matthew Prince said in a statement, "The internet isn't just changing, it's being fundamentally rewired. From AI to more creative and sophisticated threat actors, every day is different."

Googlebot again generated the highest request volume to Cloudflare, crawling millions of sites for both traditional search indexing and AI training. Googlebot is responsible for about 4.5% of all HTML requests across Cloudflare‑protected sites in 2025 and reaches 11.6% of unique pages in a focused AI‑crawler sample. Googlebot outpaces other AI-oriented crawlers -- such as OpenAI's GPTBot, the next most active AI crawler, and Microsoft's Bingbot -- by a wide margin. AI "user action" crawling bots, such as Perplexity's user agent, which fetch pages in response to chatbot prompts or agent workflows, grew more than 15-fold over the year.

How we get to the internet keeps tilting in favor of smartphones. Today, 43% of us use smartphones to access the internet, with only 57% still using PCs. Digging deeper, while Apple iOS devices dominate in the US, iOS accounted for about 35% of mobile traffic worldwide. Globally, Android remained the volume leader, accounting for 65%. The market share of other mobile operating systems is negligible.
As for web browsers, it's no surprise that, according to Cloudflare's count, Google Chrome is the most popular browser, with 67.9% of the desktop market and 85.4% of the mobile market. On the desktop, Edge, Microsoft's Chrome-based browser, has 14.4%. Firefox? It's down to 6.7%. Inside the US, the federal government's Digital Analytics Program (DAP), with its running count of the last 90 days of US government website visits, also has Chrome on top with 64.6%. That's followed by Safari with 22.8%, thanks to America's love affair with iPhones, then Edge's 7.4%, and Firefox limping in at an ever-declining 1.7%.

There are no surprises here. You could probably guess the top five websites: Google, Facebook, Apple, Microsoft, and Instagram. However, the more you look, the more interesting it gets. For example, in the AI arena, ChatGPT is at the top, followed by Claude/Anthropic in second place, and Perplexity in third. Copilot? It's in sixth place. Microsoft is putting Copilot into everything, and Windows Kitchen Sink doesn't seem to be working.

The top five social networks, with Facebook at the top, have one surprise. LinkedIn is in fifth. Twitter/X? It's in the sixth spot. Video streaming remains dominated by YouTube. Netflix is in second place, followed by Twitch, Roku (Yes, Roku), and then Disney+ in fifth.

Satellite internet moved from early-adopter novelty toward mainstream infrastructure. Cloudflare's data shows that Starlink traffic more than doubled globally in 2025, with overall request volume increasing by about 2.3 times over the year. That growth coincided with the launch of services in more than 20 new countries and regions, and continued uptake in markets where Starlink was already available. This expansion is bringing broadband to rural areas, where Starlink has become the default choice for users wanting fast internet.
Cloudflare's network saw the impact as new clusters of traffic appeared in previously low-activity regions, while some markets experienced brief turbulence as terrestrial ISPs adjusted peering and routing to accommodate the new mix.

For more, turn to OUR FORUM.

The social media platform will have to pay $140 million for breaching the Digital Services Act.

The US has accused Brussels of an “attack” on Americans after the EU fined Elon Musk’s social media platform X €120 million ($140 million) for violating the bloc’s content-moderation rules.


