Technology

149 million passwords exposed in massive credential leak

Published

2 months ago

February 3, 2026

149 million passwords exposed in massive credential leak

NEWYou can now listen to Fox News articles!

It has been a rough start to the year for password security. A massive database containing 149 million stolen logins and passwords was found publicly exposed online.

The data included credentials tied to an estimated 48 million Gmail accounts, along with millions more from popular services. Cybersecurity researcher Jeremiah Fowler, who discovered the database, confirmed it was not password-protected or encrypted. Anyone who found it could have accessed the data.

Here is what we know so far and what you should do next.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

AI WEARABLE HELPS STROKE SURVIVORS SPEAK AGAIN

A publicly exposed database left millions of usernames and passwords accessible to anyone who found it online. (Wei Leng Tay/Bloomberg via Getty Images)

What was found in the exposed database

The database contained 149,404,754 unique usernames and passwords. It totaled roughly 96 GB of raw credential data. Fowler said the exposed files included email addresses, usernames, passwords and direct login URLs for accounts across many platforms. Some records also showed signs of info-stealing malware, which silently captures credentials from infected devices.

Importantly, this was not a new breach of Google, Meta or other companies. Instead, the database appears to be a compilation of credentials stolen over time from past breaches and malware infections. That distinction matters, but the risk to users remains real.

Which accounts appeared most often

Based on estimates shared by Fowler, the following services had the highest number of credentials in the exposed database.

48 million – Gmail
17 million – Facebook
6.5 million – Instagram
4 million – Yahoo Mail
3.4 million – Netflix
1.5 million – Outlook
1.4 million – .edu email accounts
900,000 – iCloud Mail
780,000 – TikTok
420,000 – Binance
100,000 – OnlyFans

Email accounts dominated the dataset, which matters because access to email often unlocks other accounts. A compromised inbox can be used to reset passwords, access private documents, read years of messages and impersonate the account holder. That is why Gmail appearing so frequently in this database raises concerns beyond any single service.

SUPER BOWL SCAMS SURGE IN FEBRUARY AND TARGET YOUR DATA

Email accounts appeared most often in the leaked data, which is especially concerning because inbox access can unlock many other accounts. (Felix Zahn/Photothek via Getty Images)

Why the exposed database creates serious security risks

This exposed database was not abandoned or forgotten. The number of records increased while Fowler was investigating it, which suggests the malware feeding it was still active. There was also no ownership information attached to the database. After multiple attempts, Fowler reported it directly to the hosting provider. It took nearly a month before the database was finally taken offline. During that time, anyone with a browser could have searched it. That reality raises the stakes for everyday users.

This was not a traditional hack or company breach

Hackers did not break into Google or Meta systems. Instead, malware infected individual devices and harvested login details as people typed them or stored them in browsers. This type of malware is often spread through fake software updates, malicious email attachments, compromised browser extensions or deceptive ads. Once a device is infected, simply changing passwords does not solve the problem unless the malware is removed.

TIKTOK AFTER THE US SALE: WHAT CHANGED AND HOW TO USE IT SAFELY

Researchers believe infostealing malware collected the credentials, silently harvesting logins from infected devices over time. (Jaap Arriens/NurPhoto via Getty Images)

How to protect your accounts after a massive password leak

This is the most important part. Take these steps even if everything seems fine right now. Credential leaks like this often surface weeks or months later.

1) Stop reusing passwords immediately

Password reuse is one of the biggest risks exposed by this database. If attackers get one working login, they often test it across dozens of sites automatically. Change reused passwords first, starting with email, financial and cloud accounts. Each account should have its own unique password. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

2) Switch to passkeys where available

Passkeys replace passwords with device-based authentication tied to biometrics or hardware. That means there is nothing for malware to steal. Gmail and many major platforms already support passkeys, and adoption is growing fast. Turning them on now removes a major attack surface.

3) Enable two-factor authentication on every account

Two-factor authentication (2FA) adds a second checkpoint, even if a password is exposed. Use authenticator apps or hardware keys instead of SMS when possible. This step alone can stop most account takeover attempts tied to stolen credentials.

4) Scan devices for malware with strong antivirus software

Changing passwords will not help if malware is still on your device. Install strong antivirus software and run a full system scan. Remove anything flagged as suspicious before updating passwords or security settings. Keep your operating system and browsers fully updated as well.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

5) Review account activity and login history

Most major services show recent login locations, devices and sessions. Look for unfamiliar activity, especially logins from new countries or devices. Sign out of all sessions if the option is available and reset credentials right away if anything looks off.

6) Use a data removal service to reduce exposure

Stolen credentials often get combined with data scraped from data broker sites. These profiles can include addresses, phone numbers, relatives and work history. Using a data removal service helps reduce the amount of personal information criminals can pair with leaked logins. Less exposed data makes phishing and impersonation attacks harder to pull off.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

7) Close accounts you no longer use

Old accounts are easy targets because people forget to secure them. Close unused services and delete accounts tied to outdated app subscriptions or trials. Fewer accounts mean fewer chances for attackers to get in.

Kurt’s key takeaways

This exposed database is another reminder that credential theft has become an industrial-scale operation. Criminals move fast and often prioritize speed over security. The good news is that simple steps still work. Unique passwords, strong authentication, malware protection and basic cyber hygiene go a long way. Do not panic, but do not ignore this either.

If your email account was compromised today, how many other accounts would fall with it? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Related Topics:Facebook Featured Instagram Privacy Security Tech

Click to comment

Technology

Judge sides with Anthropic to temporarily block the Pentagon’s ban

Published

4 hours ago

March 27, 2026

Press Room

Judge sides with Anthropic to temporarily block the Pentagon’s ban

After Anthropic’s weeks-long standoff with the Pentagon, the company won one milestone: A judge granted Anthropic a preliminary injunction in its lawsuit, which sought to reverse its government blacklisting while the judicial process plays out.

“The Department of War’s records show that it designated Anthropic as a supply chain risk because of its ‘hostile manner through the press,’” Judge Rita F. Lin, a district judge in the northern district of California, wrote in the order, which will go into effect in seven days. “Punishing Anthropic for bringing public scrutiny to the government’s contracting position is classic illegal First Amendment retaliation.”

A final verdict could be weeks or months out.

Anthropic spokesperson Danielle Cohen said in a Thursday statement, “We’re grateful to the court for moving swiftly, and pleased they agree Anthropic is likely to succeed on the merits. While this case was necessary to protect Anthropic, our customers, and our partners, our focus remains on working productively with the government to ensure all Americans benefit from safe, reliable AI.”

“I do think this case touches on an important debate,” Judge Lin said during the Tuesday hearing. “On the one hand, Anthropic is saying that its AI product, Claude, is not safe to use for autonomous lethal weapons and domestic mass surveillance. Anthropic’s position is that if the government wants to use its technology, the government has to agree not to use it for those purposes. On the other hand the Department of War is saying that military commanders have to decide what is safe for its AI to do.”

On Tuesday, Judge Lin went on to say, “It’s not my role to decide who’s right in that debate… The Department of War decides what AI product it wants to use and buy. And everyone, including Anthropic, agrees that the Department of War is free to stop using Claude and look for a more permissive AI vendor.” She added, “I see the question in this case as being … whether the government violated the law when it went beyond that.”

It all started with a memo sent by Defense Secretary Pete Hegseth on Jan. 9, calling for “any lawful use” language to be written into any AI services procurement contract within 180 days, which would include existing contracts with companies like Anthropic, OpenAI, xAI, and Google. Anthropic’s negotiations with the Pentagon stretched on for weeks, hinging on two “red lines” that the company did not want the military to use its AI for: domestic mass surveillance and lethal autonomous weapons (or AI systems with the power to kill targets with no human involvement in the decision-making process). The rollercoaster series of events that followed has included a barrage of social media insults, a formal “supply chain risk” designation with the potential to significantly handicap Anthropic’s business, competing AI companies swooping in to make deals, and an ensuing lawsuit.

With its lawsuit, Anthropic argues that it was punished for speech protected under the First Amendment, and it’s seeking to reverse the supply chain risk designation.

It’s rare, and potentially even unheard of until now, for a US company to be named a supply chain risk, a designation typically reserved for non-US companies potentially linked to foreign adversaries. Anthropic’s designation as such raised eyebrows nationwide and caused bipartisan controversy due to concerns that disagreeing with a presidential administration could potentially lead to outsized retribution for a business in any sector.

Anthropic’s own business has been significantly affected by the designation, according to its court filings, which say that it has “received outreach from numerous outside partners … expressing confusion about what was required of them and concern about their ability to continue to work with Anthropic” and that “dozens of companies have contacted Anthropic” for guidance or information about their rights to terminate usage. Depending on the level to which the government prohibits its contractors’ work with Anthropic, the company alleged that revenue adding up to between hundreds of millions and multiple billions could be at risk.

During Tuesday’s hearing, both companies had a chance to respond to Judge Lin’s questions, which were released in a document the day prior and hinged on matters like whether Hegseth lacked authority to issue certain directives and why Anthropic was named a supply chain risk. The judge also asked, in her pre-released questions, about the circumstances under which a government contractor could face termination for using Anthropic’s technology in their work — for instance, “if a contractor for the Department uses Claude Code as a tool to write software for the Department’s national security systems, would that contractor face termination as a result?”

On Tuesday, the judge also seemed to admonish the Department of War for Hegseth’s X post that caused a lot of widespread confusion per Anthropic’s earlier court filings, stating that “effective immediately, no contractor, supplier, or partner that does business with the United States military may conduct any commercial activity with Anthropic.”

“You’re standing here saying, ‘We said it but we didn’t really mean it,’” Judge Lin said during the hearing, later pressing on the question of why Hegseth wrote the above barring contractors from working with Anthropic instead of just simply designating Anthropic as a supply chain risk.

In a series of questions on Tuesday, Judge Lin asked whether the Department of War plans to terminate contractors on the basis of their work with Anthropic if it’s separate from their work with the department, and a representative for the Department of War responded, “That is my understanding.”

Judge Lin asked, “Let’s say I’m a military contractor. I don’t provide IT to the military. I provide toilet paper to the military. I’m not going to be terminated for using Anthropic — is that accurate?” The representative for the Department of War responded, “For non-DoW work, that is my understanding.” But when the judge asked whether a military contractor providing IT services to the Department of War, but not for national security systems, could be terminated for using Anthropic, the representative for the Department of War did not give a concrete answer.

During the hearing, Judge Lin cited one of the amicus briefs, which she said used the term “attempted corporate murder.” She said, “I don’t know if it’s ‘murder,’ but it looks like an attempt to cripple Anthropic.”

“We are continuing to be irreparably injured by this directive,” a lawyer for Anthropic said during the hearing, citing Hegseth’s nine-paragraph X post.

In a recent court filing, the Department of Defense alleged that Anthropic could ostensibly “attempt to disable its technology or preemptively alter the behavior of its model either before or during ongoing warfighting operations” in the event it felt the military was crossing its red lines — a theoretical situation that the Pentagon said it deemed an “unacceptable risk to national security.” The judge’s pre-released questions seem to challenge that statement, or at least request more information on it, stating, “What evidence in the record shows that Anthropic had ongoing access to or control over Claude after delivering it to the government, such that Anthropic could engage in such acts of sabotage or subversion?”

Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.

Hayden Field

Technology

Drone food delivery launches in New Jersey

Published

4 hours ago

March 27, 2026

Press Room

Drone food delivery launches in New Jersey

NEWYou can now listen to Fox News articles!

You place a food order, check your phone, and instead of a driver pulling up, a drone lowers your meal to your front yard. That scenario is already playing out in the Garden State. But before you get too excited, this is still a limited test.

Grubhub just launched New Jersey’s first drone-powered food delivery pilot, and it is getting plenty of attention. The three-month program kicked off on March 18 in Green Brook, just a few miles from Middlesex. If you live within about 2.5 miles of the location, you may be able to try it yourself.

Even better, you will not pay anything extra to choose the drone option.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter

YOUR DOORDASH ORDER MIGHT ARRIVE FROM THE SKY AS DRONE DELIVERIES TAKE OFF

Grubhub launches a three-month drone delivery test in New Jersey, offering faster drop-offs with no added cost. (Grubhub)

How the drone delivery program works

The program is based out of Wonder’s Green Brook location, which operates a multi-restaurant kitchen. That means your order can come from one of 15 different food concepts, all prepared in the same place.

Here is how it works step by step:

You order through the Grubhub app
You select drone delivery if you are eligible
Your food is prepared and secured by trained staff
A drone flies it along a pre-approved route
The order is lowered safely to the ground using a tether

You can track everything in real time, just like a regular delivery. It feels familiar, but the final step looks very different.

Why this could be faster than your usual delivery

Timing matters when you are hungry. That is where drones may have a real advantage. Unlike drivers, drones do not deal with traffic, stoplights or parking. They fly directly to your location using optimized flight paths.

Grubhub says deliveries should arrive faster than traditional methods. While that will vary based on conditions, the goal is simple. Less waiting, more eating. This test will help the company see if that promise holds up in real neighborhoods.

AIR TAXIS IN THE US COULD LAUNCH THIS SUMMER

New Jersey residents within range can order food by drone, with real-time tracking and tethered drop-offs. (Grubhub)

The tech behind the delivery drones

The program uses the DE-2020 drone from Dexa, a company that specializes in autonomous delivery systems.

This is not a hobby drone. It is a fully automated aircraft built for commercial use.

Key features include:

FAA-certified operations for safety and compliance
Secure communication systems during flight
Controlled drop-off using a tether system
Pre-planned routes to reduce noise and disruption

Before each flight, crews check that food is packaged and secured properly. That step helps prevent spills or issues mid-air. In short, there is a lot more going on behind the scenes than a simple takeoff and landing.

We reached out to Grubhub, and a spokesperson shared the following statement:

“Our partnership with Dexa represents a major step forward in Grubhub’s commitment to delivery innovation,” said Abhishek “PJ” Poykayil, SVP of customer delivery operations at Wonder and Grubhub. “By connecting Grubhub’s marketplace expertise, Wonder’s innovative mealtime platform, and Dexa’s expansive drone technology, we’re proud to introduce a faster and more efficient way for New Jersey diners to experience food delivery without compromising safety or reliability.”

We also reached out to Dexa for more insight into the technology behind the program. CEO and founder Beth Flippo shared the following with CyberGuy:

“At Dexa, we’re proud to be powering the underlying autonomous technology that enables this new generation of on-demand delivery. Our partnership with Grubhub brings together their industry-leading logistics network with our advanced autonomy platform, which is designed to safely navigate complex environments, optimize real-time routing, and operate reliably without the need for continuous human intervention. This is a meaningful step toward a future where autonomous systems are woven seamlessly into everyday life, from delivering food and goods to supporting transportation, infrastructure and critical services. As consumers continue to expect faster, more efficient and more sustainable options, autonomy will play a central role in meeting those expectations at scale.”

FORGET DRONES, THIS STREET-SMART ROBOT COULD BE FUTURE OF LOCAL DELIVERIES

Autonomous drones designed by Dexa deliver meals from a central kitchen, bypassing traffic in a new suburban pilot program. (Grubhub)

Why companies are pushing drone delivery now

This move is not random. It is part of a bigger shift in how companies think about delivery. You and I want speed, convenience and reliability. At the same time, businesses want to reduce costs and scale faster. Drone delivery sits right in the middle of that.

It removes many of the delays tied to traditional delivery. It also opens the door to new models, especially in suburban areas where distances are manageable.

We are already seeing this play out in other parts of the country. Companies like Wing, backed by Google’s parent company Alphabet, have been testing and expanding drone deliveries for food, retail and small packages in select U.S. markets.

This New Jersey test is another step in that direction, and it shows how quickly the space is evolving.

What this means to you

Even if you are not in Green Brook, New Jersey, this still matters. Here is why:

You may get faster deliveries

If this works, shorter delivery times could become the new normal.

You could see more delivery options

Apps may soon offer choices like driver, robot or drone depending on your location.

It could change delivery costs

Right now, there is no added fee. In the future, pricing models may shift based on speed and demand.

Your neighborhood may see more drones

That raises questions about noise, safety and privacy that communities will need to address.

This is not only about food. The same technology could expand to groceries, retail and even medical supplies.

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com

Kurt’s key takeaways

It is easy to see drone delivery as some sort of cool experiment. But something bigger is starting to take shape right above us. For the first time, the sky is becoming part of everyday delivery. Today it is takeout. Tomorrow it could be groceries, last-minute essentials or even urgent supplies. If this technology proves reliable, and we get comfortable with it, the way you get what you need could change faster than you expect. So the next time you hear a faint buzz overhead, you may want to look up. It might not be a plane. It could be your dinner on the way. The real question is not if drones will become part of daily life. It is how soon you will be tracking one to your doorstep.

Would you trust a drone to deliver your next meal? Why or why not? Let us know by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Technology

Netflix is raising prices again

Published

16 hours ago

March 26, 2026

Press Room

Netflix’s prices just went up, with its cheapest, ad-supported tier now reaching $8.99 / month (up from $7.99 / month), according to an updated support page spotted earlier by Android Authority. The standard and premium plans are also getting a hike, going from $17.99 to $19.99 / month and $24.99 to $26.99 / month, respectively.

Netflix didn’t share its reasoning for the price hike this time around, as it last cited delivering “more value for our customers.” It’s also unclear when the price hike will go into effect for existing subscribers. The Verge reached out to Netflix with a request for comment but didn’t immediately hear back.