Facebook and Instagram Passwords Exposed: 149M Logins Leaked

Share On:

Facebook and Instagram Passwords

The recent Facebook and Instagram passwords exposed incident shows how quickly stolen login credentials can lead to actual account theft.

Researchers discovered a cloud database that had security flaws because it exposed more than 149 million unique login credentials which hackers had obtained through credential-stealing malware that included logins for Facebook Instagram Gmail Netflix TikTok Binance and OnlyFans.

The leaked dataset contained 96GB of structured information which included usernames passwords service URLs and device-related identifiers. The attackers received data which they could use to build automated systems that would allow them to attack multiple targets simultaneously.

What Happened in the Facebook and Instagram Passwords Exposed Leak?

According to Cybernews, the exposed database was likely used to store credentials harvested by infostealer malware (also known as credential-stealing malware). These malicious programs quietly infect devices and collect logins from browsers, apps, and stored password vaults, then send that data back to an attacker-controlled server or database.

Researchers say the exposed repository contained:

  • 149M+ unique logins and passwords
  • 96GB of raw credential data
  • URLs linked to specific services and accounts
  • Device identifiers and structured records designed to stay organized and searchable

Cybernews reports that ExpressVPN researchers discovered the database, and that it remained exposed for weeks, with access restricted only after roughly a month. Even more worrying, the number of records reportedly increased during the period it was publicly accessible.

Which Platforms Were Affected?

The dataset reportedly contained credentials for many widely used services. Based on the estimates shared in the report, the impacted accounts included:

  • Gmail: 48M
  • Facebook: 17M
  • Instagram: 6.5M
  • Yahoo: 4M
  • Netflix: 3.4M
  • Outlook: 1.5M
  • iCloud: 900K
  • TikTok: 780K
  • Binance: 420K
  • OnlyFans: 100K

This shows why “Facebook and Instagram passwords exposed” is only part of the headline. The real story is that multiple services were included, which makes password reuse far more dangerous.

Why This Leak Is So Dangerous (Even If You Think You Are Safe)

The value of a credential leak increases when its data becomes structurally organized and easily accessible. The Cybernews article presents the dataset which contains organized data that cybercriminals can exploit for their mass hacking operations. The following list shows how attackers use stolen credentials to execute their attacks.

  • Lock you out of your accounts: Hackers can log in to your account, change your password, and update recovery details to gain full control of your account. The hackers operate the account to distribute spam and scam messages through a profile that appears to be trustworthy.
  • Steal identity or abuse personal information: Attackers who access your financial or email accounts can use stored information to impersonate you and gain access to your other accounts.
  • Launch convincing phishing attacks: Criminals who obtain actual usernames and service URLs along with login information can create authentic-looking phishing emails and counterfeit login webpages.
  • Credential stuffing on other websites: Attackers attempt to access multiple accounts by testing the same credentials across various platforms when users reuse passwords for different online services. This method represents the quickest route through which hackers can obtain control over numerous user accounts.

The moment Facebook and Instagram passwords exposed become part of a larger credential dump which includes social media platforms turns into an identity security issue.

How Infostealer Malware Collects Passwords in the First Place

One key detail in this story is that the database likely came from infostealer malware operations, not directly from Meta’s internal systems.

Infostealers are designed to quietly extract data such as:

  • Saved browser passwords
  • Autofill information
  • Cookies and active login sessions
  • Crypto wallet information
  • Device/system identifiers

Cybernews explains that the collected data is stored in attacker databases and later used for fraud, identity theft, and account takeovers.

In other words, this type of leak often begins with an infected device, not a hacked app.

Were Government Accounts Included Too?

Cybernews reports that the researcher also observed credentials associated with government accounts in the exposed data sample.

That raises the risk significantly, because government email access can be used for internal phishing, malware deployment, or attempts to reach sensitive systems.

Even if only a portion of these records are valid, a dataset like this can still create serious downstream damage.

What You Should Do Right Now (Practical Steps)

If you have ever logged into Facebook, Instagram, Gmail, Netflix, or any of the listed services on a shared device or an older laptop, take the next steps seriously.

1) Change your passwords (starting with email first)

Prioritize:

  1. Email account password
  2. Facebook and Instagram passwords
  3. Banking and payment services
  4. Any reused passwords anywhere else

2) Stop password reuse immediately

If one password is reused across 3 to 4 sites, one leak turns into multiple compromises.

3) Turn on Two-Factor Authentication (2FA)

Enable 2FA for:

  • Email
  • Social media
  • Crypto exchanges
  • Password managers

Even if a password leaks, 2FA can block a clean login attempt.

4) Check logged-in devices and sessions

Facebook, Instagram, Google, and other platforms allow you to review active sessions and log out unknown devices.

5) Watch for phishing and “password reset” scams

After a leak, attackers often shift from brute force logins to targeted social engineering. Treat unexpected reset emails and suspicious login alerts as high risk.

The Bigger Issue: Credential Databases Keep Getting Rebuilt

One unsettling part of the Cybernews report is how long the database was accessible publicly and how the number of records reportedly grew before access was restricted.

This highlights a larger pattern: stolen credentials do not disappear after one cleanup. Threat actors continuously collect, store, sell, and reuse data from:

  • Malware infections
  • Phishing campaigns
  • Reused passwords from old breaches
  • Misconfigured cloud databases

So even if you escaped this incident, similar datasets show up again and again.

Conclusion

The Facebook and Instagram passwords exposed story is not only about social media accounts getting hacked. It is about how credential-stealing malware and poorly secured cloud databases can expose hundreds of millions of logins across services people rely on every day.

With a reported 149M credentials and a 96GB database containing structured records, the risk is clear: attackers can automate account takeovers, run credential-stuffing attacks, and use stolen access for identity fraud.

If you do one thing today, make it this: change your reused passwords and enable 2FA. That single move cuts off the easiest path attackers use after leaks like this.

Author
Picture of Michael Anderson

Michael Anderson

Michael Anderson is an Editor at CIOMinds, a leading digital publication covering enterprise leadership and technology innovation.
Related Posts
Trending Now