A data leak warning has been issued – as tens of millions of online login credentials have seemingly been left exposed to criminals.A data leak warning has been issued - as tens of millions of online login credentials have seemingly been left exposed to criminals.

A data leak warning has been issued – as tens of millions of online login credentials have seemingly been left exposed to criminals.(Image: )

An urgent warning has been issued to 149million Gmail users over stolen passwords. A data leak warning has been issued – as tens of millions of online login credentials have seemingly been left exposed to criminals.

Gmail is the worst hit, with 48 million accounts affected, while Facebook, which is owned by Meta, has seen 17 million affected.

6.5 million Instagram accounts were also affected, along with four million from Yahoo Mail, 3.4 million from Netflix, and Outlook with 1.5 million. Cybersecurity researcher Jeremiah Fowler said: “Thousands of files included emails, usernames, passwords, and the URLs for logging in or authorizing the accounts.

READ MORE Major UK high street chain rebrands and starts shutting stores tomorrow

“The exposed records included usernames and passwords collected from victims around the world, spanning a wide range of commonly used online services and about any type of account imaginable.”

Fowler said he saw a range of social media platforms in the data leak, along with dating sites.

“I also saw a large number of streaming and entertainment accounts, including Netflix, HBOmax, DisneyPlus, Roblox, and more” he shared in the report.

“Financial services accounts, crypto wallets or trading accounts, banking and credit card logins also appeared in the limited sample of records I reviewed.”

A Google spokesperson told the Daily Mail: “We are aware of reports regarding a dataset containing a wide range of credentials, including some from Gmail.

“This data represents a compilation of ‘infostealer’ logs, credentials harvested from personal devices by third-party malware, that have been aggregated over time.

“We continuously monitor for this type of external activity and have automated protections in place that lock accounts and force password resets when we identify exposed credentials.”

Fowler said:”‘Because the data includes emails, usernames, passwords, and the exact login URLs, criminals could potentially automate credential-stuffing attacks against exposed accounts, including email, financial services, social networks, enterprise systems, and more.

“This dramatically increases the likelihood of fraud, potential identity theft, financial crimes, and phishing campaigns that could appear legitimate because they reference real accounts and services.”