Huge Data Leak Exposes Over 50 Million Gmail, Outlook And iCloud Credentials

Like the winter storm currently raging across the United States, a chilling wave of cybersecurity alarms is making the rounds as well. And with over 149 million users impacted across major email providers, Meta-owned Facebook & Instagram, TikTok, Binance, and even services like Roblox, Netflix or OnlyFans, everyone should sit up and pay attention. Of the 149 million accounts compromised, 50 million of them are linked to email providers including Gmail, Yahoo, Outlook, iCloud, and .edu emails. 48 million of those are Gmail users specifically, making Google's email service by far the most-impacted by this compiled mega-leak.

Fortunately, the leak has already been taken down as of writing, and was a database based on past breaches, not any new major data breaches. So while you likely should still reset your passwords and perhaps consider a password manager and/or two-factor authentication for essential accounts, there is less urgency if you've already gone through the process recently enough to not be impacted.

Even so, it's important to stay alert, particularly as Q1 of 2026 sees many markets, especially the PC hardware market, shift into some unprecedented positions. Disruption isn't just felt in international business circles—lowered income and higher prices historically trend toward higher crime rates in general, including cyber-crime from which crooks may be less likely to face consequences. Even with secured account credentials, rampant scams on social media platforms and ever-emerging malware threats require users stay vigilant of even trusted applications or extensions.

The original report on the ExpressVPN blog by cybersecurity researcher Jeremiah Fowler, goes into detail about the compromised accounts and how the information was sourced. As mentioned prior, the combined database was formed from the information leaked in past security breaches—including some that had previously remained privately-held by specific groups of cybercriminals. This means that, yes, at least a few hackers were themselves hacked in order to source credentials for the database, which also included financial services, crypto wallets, and trading accounts. Even some .gov domains had credentials listed—it's hard to understate the sheer scale of this information.

While the main publicly accessible database was taken down by Jeremiah Fowler's reports, there's little question that cyber criminals of the world still have ways to access it, or even made their own backups of it. Per the original report, "it is not known how long the database was exposed before I discovered and reported it or others may have gained access to it", and that "the number of records increased from the time I discovered the database until it was restricted and no longer available".