149M Logins from Roblox, TikTok, Netflix, Crypto Wallets Found Online

Brownie2019

149 million stolen usernames and passwords for TikTok, Disney+, Netflix, Roblox, and crypto wallets were found online without any security authentication. Learn about the latest massive data leak and how to secure your digital identity today.

A massive database containing over 149 million stolen usernames and passwords has been taken offline after sitting wide open on the internet for weeks. Cybersecurity researcher Jeremiah Fowler discovered the exposed cache, noting that the exposure “highlights the global threat” of data theft because it allowed anyone with a web browser to view and search the records. This research was published by ExpressVPN and shared with Hackread.com.
Full Story:
 
What that article describes is an exposed “combo list” style database (stolen credentials collected from many places, often via infostealer malware and older breaches), not necessarily a single direct breach of TikTok/Netflix/Disney+/Roblox themselves.

Important context (to avoid false conclusions)
  • When reports say “TikTok/Netflix/Disney+ logins were found,” it often means the dataset contains usernames/passwords that work on those services, not that those companies’ internal databases were breached.
  • A database being “open on the internet” usually means an attacker (or reseller) misconfigured storage (no authentication), exposing already-stolen data.

What to do now (practical, low-risk steps)
  • Change passwords on any account that shares a password with any other account (start with email accounts first, then banking/crypto, then everything else). Use a unique password per site.
  • Enable MFA/2FA everywhere possible. Prefer an authenticator app or hardware key over SMS when available.
  • Check your email(s) on a breach notification service like Have I Been Pwned, and follow any guidance it provides.
  • Review account security pages: active sessions/devices, recent logins, connected apps, API keys, and recovery options (phone/email). Revoke anything you don’t recognize.
  • If you’ve ever saved seed phrases/private keys in a browser, notes app, screenshots, or cloud storage: treat them as potentially exposed. Move crypto to new wallets/addresses with newly generated keys/seed phrases (do this carefully).
  • Scan for infostealer malware (common source of these credential sets): run a full scan with Microsoft Defender plus a reputable second-opinion scanner (e.g., Malwarebytes or ESET Online Scanner). If an infostealer is found, assume all saved browser passwords/cookies may be compromised.

How to protect going forward
  • Use a password manager to generate/store unique passwords.
  • Turn on login alerts where offered.
  • Be extra cautious of “your account will be closed” emails/texts—credential leaks are commonly followed by targeted phishing.

Bottom line: even if this specific exposed database never contained your credentials, the safest assumption is that reused passwords are a standing risk—unique passwords + MFA + session review is the most effective immediate mitigation.
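An added example, not part of the original post: one way to turn the first step above into a checklist is to group a password-manager export by shared password and order the resets email first, then banking/crypto, then everything else. The CSV layout, the sample rows and the keyword lists are constructed assumptions; real exports differ by product.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in a generic "name,url,username,password" layout
# (an assumption; real password-manager exports vary by product).
SAMPLE_EXPORT = """name,url,username,password
Gmail,https://mail.google.com,alice@example.com,Summer2024!
Netflix,https://www.netflix.com,alice@example.com,Summer2024!
Binance,https://www.binance.com,alice@example.com,Summer2024!
Roblox,https://www.roblox.com,alice_r,kT9#vLq2xW
TikTok,https://www.tiktok.com,alice_t,Dance4Ever
Disney+,https://www.disneyplus.com,alice@example.com,Dance4Ever
"""

# Reset order from the post: email first, then banking/crypto, then the rest.
# The keyword lists are illustrative assumptions, not a complete taxonomy.
PRIORITY = [
    ("email", ("mail.", "outlook.", "yahoo.")),
    ("banking/crypto", ("bank", "binance", "coinbase", "paypal")),
]

def tier(url):
    """Return (rank, label) for a URL; a lower rank means reset sooner."""
    host = url.lower().split("//")[-1].split("/")[0]
    for rank, (label, needles) in enumerate(PRIORITY):
        if any(n in host for n in needles):
            return rank, label
    return len(PRIORITY), "other"

def reset_plan(export_text):
    """List accounts that share a password with another account, by tier."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        groups[row["password"]].append(row)
    plan, gid = [], 0
    for rows in groups.values():
        if len(rows) < 2:
            continue  # unique password: not part of the reuse problem
        gid += 1  # report a group number, never the password itself
        for row in rows:
            rank, label = tier(row["url"])
            plan.append((rank, label, row["name"], f"group-{gid}", len(rows)))
    return sorted(plan)

if __name__ == "__main__":
    for rank, label, name, group, n in reset_plan(SAMPLE_EXPORT):
        print(f"[{label}] {name}: {group}, shared by {n} accounts")
```

Delete the export file once the resets are done, since it holds every password in plaintext.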
 
Research led by cybersecurity analyst Jeremiah Fowler revealed that the exposure was not a static leak but an active collection that grew in real time.

Scope of Impact

Social Media

17 million Facebook logins, along with Instagram, TikTok, and X (formerly Twitter) accounts.

Email Providers
48 million Gmail accounts, 4 million Yahoo logins, and 1.5 million Outlook credentials.

Financial/Gaming
420,000 Binance crypto logins and millions of accounts for Roblox, Netflix, Disney+, and HBO Max.

Government Sectors
Credentials for .gov domains across multiple countries were identified, posing a risk for official impersonation.

Vector of Compromise
The data is attributed to infostealer malware, which infects end-user devices to record keystrokes and capture saved browser credentials.

Organizational Complexity
The database utilized a "reversed labeling" method to categorize data by specific device and originating website, likely to facilitate automated credential stuffing attacks while evading standard security scans.

Delayed Remediation
Despite multiple reporting attempts, the database remained publicly accessible for nearly four weeks before the hosting provider took action.

Recommendation / Remediation

To mitigate the risk of account takeover (ATO) resulting from this or similar leaks, users should adopt the following NIST-aligned security measures.

Immediate Credential Reset
Change passwords for all high-value accounts (Email, Banking, Crypto, and Social Media), prioritizing any that reused passwords found in this leak.

Enable Multi-Factor Authentication (MFA)
Implement non-SMS MFA (such as TOTP apps like Google Authenticator or hardware keys) on all supported platforms.

Deploy a Password Manager
Utilize a dedicated manager to ensure every service has a unique, high-entropy password, effectively neutralizing the threat of credential stuffing.

Device Sanitization
Run a full system scan using reputable Anti-Virus/Anti-Malware solutions to ensure no infostealer persistence remains on your local hardware.

Monitor for Identity Theft
Services like HaveIBeenPwned or built-in browser/OS leak detectors should be used to monitor for future credential exposures.

References

NIST Special Publication 800-63B (Digital Identity Guidelines)

SANS Institute, Security Awareness on Infostealer Malware

ExpressVPN/Hackread, Research Report (Jan 2026)
 
Well Netflix notifies about every new device and you can easily check and log out of any device, but I have changed the password nevertheless. Thanks.
