- A cybersecurity researcher recently found 149 million login credentials sitting on an open server, including nearly 420,000 accounts from Binance.
- This leak did not happen because of a flaw in Binance’s systems. Instead, it was due to “infostealer” malware on personal devices.
- The data dump included millions of accounts from Gmail, Facebook and even government domains.
Cybersecurity experts recently found a database containing over 149 million usernames and passwords, sitting wide open on the internet.
This massive data leak wasn’t even protected by a password or any form of encryption, and anyone with a web browser could have accessed it.
Among the millions of records, researchers identified hundreds of thousands of logins specifically linked to Binance, the world’s largest crypto exchange.
How Infostealers Caused This
The source of this mountain of data is a type of software known as an “infostealer.”
Unlike traditional viruses that might slow down your computer, an infostealer is designed to be silent. It hides in the background and watches everything you do.
🚨 ALERT: Around 149M user credentials were exposed in a massive infostealer data dump, including 420K @binance-related logins.
Important: This was caused by malware-infected devices, not a breach of Binance.
— Crypto Jist (@CryptoJistHQ) January 26, 2026
Infostealers can record your keystrokes, take screenshots of your desktop and even steal the “cookies” that keep you logged into your favourite websites. With a stolen session cookie, a hacker can reuse a session that is already logged in, bypassing the login step and its security checks without the user ever knowing they were there.
Researcher Jeremiah Fowler discovered the 96-gigabyte file and noted that it included 48 million Gmail accounts and 17 million Facebook logins.
There were also around 420,000 Binance accounts, which shows that crypto users are the main target. And because this exposure came from malware on personal devices, the hackers were able to grab information directly from the source.
The Danger of Fake Software and Game Mods
Many of these infections happen when people try to download free versions of paid software or “cheats” for popular video games.
Late last year alone, security firms reported a surge in malware disguised as Roblox scripts or game cracks. Users think they are getting a shortcut for their favourite game, but they are actually installing a digital spy.
Once active, the malware gets to work, searching for crypto wallet extensions like MetaMask and Phantom and for the crypto they hold.
Another disturbing fact is that this malware does not care about browser types because it can target Chrome, Firefox, Edge and even privacy-focused browsers like Brave.
It pretends to be a legitimate file and bypasses the basic security checks many people rely on. This is why downloading software from unofficial sources is one of the biggest risks a crypto investor can take today.
Protecting Your Assets
The best defence against infostealers is to use a “prevention-first” mindset.
Security experts say that users should consider moving away from simple passwords and toward hardware-based authentication. Tools like YubiKeys or biometric logins are much harder for malware to bypass, because they require physical access to a device.
In other words, if a hacker only has a user’s password from a data leak, they will still hit a wall when the system asks for a physical security key.
With this in mind, traders and investors should also be wary of “credential stuffing” attacks.
This happens when a hacker takes a stolen password from one site (like Netflix) and tries it on every other site a user might use. In other words, people who reuse passwords are at risk from a single leak at a small company.
