Technology

149 million passwords exposed in massive credential leak

Published

2 months ago

February 3, 2026

149 million passwords exposed in massive credential leak

NEWYou can now listen to Fox News articles!

It has been a rough start to the year for password security. A massive database containing 149 million stolen logins and passwords was found publicly exposed online.

The data included credentials tied to an estimated 48 million Gmail accounts, along with millions more from popular services. Cybersecurity researcher Jeremiah Fowler, who discovered the database, confirmed it was not password-protected or encrypted. Anyone who found it could have accessed the data.

Here is what we know so far and what you should do next.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

AI WEARABLE HELPS STROKE SURVIVORS SPEAK AGAIN

A publicly exposed database left millions of usernames and passwords accessible to anyone who found it online. (Wei Leng Tay/Bloomberg via Getty Images)

What was found in the exposed database

The database contained 149,404,754 unique usernames and passwords. It totaled roughly 96 GB of raw credential data. Fowler said the exposed files included email addresses, usernames, passwords and direct login URLs for accounts across many platforms. Some records also showed signs of info-stealing malware, which silently captures credentials from infected devices.

Importantly, this was not a new breach of Google, Meta or other companies. Instead, the database appears to be a compilation of credentials stolen over time from past breaches and malware infections. That distinction matters, but the risk to users remains real.

Which accounts appeared most often

Based on estimates shared by Fowler, the following services had the highest number of credentials in the exposed database.

48 million – Gmail
17 million – Facebook
6.5 million – Instagram
4 million – Yahoo Mail
3.4 million – Netflix
1.5 million – Outlook
1.4 million – .edu email accounts
900,000 – iCloud Mail
780,000 – TikTok
420,000 – Binance
100,000 – OnlyFans

Email accounts dominated the dataset, which matters because access to email often unlocks other accounts. A compromised inbox can be used to reset passwords, access private documents, read years of messages and impersonate the account holder. That is why Gmail appearing so frequently in this database raises concerns beyond any single service.

SUPER BOWL SCAMS SURGE IN FEBRUARY AND TARGET YOUR DATA

Email accounts appeared most often in the leaked data, which is especially concerning because inbox access can unlock many other accounts. (Felix Zahn/Photothek via Getty Images)

Why the exposed database creates serious security risks

This exposed database was not abandoned or forgotten. The number of records increased while Fowler was investigating it, which suggests the malware feeding it was still active. There was also no ownership information attached to the database. After multiple attempts, Fowler reported it directly to the hosting provider. It took nearly a month before the database was finally taken offline. During that time, anyone with a browser could have searched it. That reality raises the stakes for everyday users.

This was not a traditional hack or company breach

Hackers did not break into Google or Meta systems. Instead, malware infected individual devices and harvested login details as people typed them or stored them in browsers. This type of malware is often spread through fake software updates, malicious email attachments, compromised browser extensions or deceptive ads. Once a device is infected, simply changing passwords does not solve the problem unless the malware is removed.

TIKTOK AFTER THE US SALE: WHAT CHANGED AND HOW TO USE IT SAFELY

Researchers believe infostealing malware collected the credentials, silently harvesting logins from infected devices over time. (Jaap Arriens/NurPhoto via Getty Images)

How to protect your accounts after a massive password leak

This is the most important part. Take these steps even if everything seems fine right now. Credential leaks like this often surface weeks or months later.

1) Stop reusing passwords immediately

Password reuse is one of the biggest risks exposed by this database. If attackers get one working login, they often test it across dozens of sites automatically. Change reused passwords first, starting with email, financial and cloud accounts. Each account should have its own unique password. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

2) Switch to passkeys where available

Passkeys replace passwords with device-based authentication tied to biometrics or hardware. That means there is nothing for malware to steal. Gmail and many major platforms already support passkeys, and adoption is growing fast. Turning them on now removes a major attack surface.

3) Enable two-factor authentication on every account

Two-factor authentication (2FA) adds a second checkpoint, even if a password is exposed. Use authenticator apps or hardware keys instead of SMS when possible. This step alone can stop most account takeover attempts tied to stolen credentials.

4) Scan devices for malware with strong antivirus software

Changing passwords will not help if malware is still on your device. Install strong antivirus software and run a full system scan. Remove anything flagged as suspicious before updating passwords or security settings. Keep your operating system and browsers fully updated as well.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

5) Review account activity and login history

Most major services show recent login locations, devices and sessions. Look for unfamiliar activity, especially logins from new countries or devices. Sign out of all sessions if the option is available and reset credentials right away if anything looks off.

6) Use a data removal service to reduce exposure

Stolen credentials often get combined with data scraped from data broker sites. These profiles can include addresses, phone numbers, relatives and work history. Using a data removal service helps reduce the amount of personal information criminals can pair with leaked logins. Less exposed data makes phishing and impersonation attacks harder to pull off.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

7) Close accounts you no longer use

Old accounts are easy targets because people forget to secure them. Close unused services and delete accounts tied to outdated app subscriptions or trials. Fewer accounts mean fewer chances for attackers to get in.

Kurt’s key takeaways

This exposed database is another reminder that credential theft has become an industrial-scale operation. Criminals move fast and often prioritize speed over security. The good news is that simple steps still work. Unique passwords, strong authentication, malware protection and basic cyber hygiene go a long way. Do not panic, but do not ignore this either.

If your email account was compromised today, how many other accounts would fall with it? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Related Topics:Facebook Featured Instagram Privacy Security Tech

Click to comment

Technology

Allow me to explain why I love this camera that can’t shoot color

Published

8 hours ago

April 12, 2026

Press Room

Allow me to explain why I love this camera that can’t shoot color

I love black-and-white photography. I also adore compact cameras you can always have by your side. So I’m a total mark for the Ricoh GR IV Monochrome, a fixed-lens camera that can’t zoom and can’t record color — at all. It’s a formula that makes the average person ask, “Why?”

I’ve tested the GR IV Monochrome for over a month, taking it with me everywhere and photographing everything. Let me explain how this pricey little point-and-shoot is likely to go down as one of my all-time-favorite cameras.

$2197

The Good

Excellent black-and-white image quality
Everything great about the standard GR IV: sharp lens, small size, solid focusing
Fantastic high-ISO noise performance
Limiting yourself to black and white has creative benefits

The Bad

Expensive for a Ricoh GR
Face / eye tracking autofocus pales in comparison to the bigger camera brands
Short battery life (about 200-ish shots)

Ricoh GRs are some of the most unassuming, no-frills cameras around, and they have been since their conception in the film days. In the digital era, they’re pocket-size point-and-shoots with a large APS-C sensor permanently attached to a fixed focal length lens. If you’re familiar with Fujifilm’s popular X100 line, it’s like trimming one of those down to the bare minimum — that means no viewfinder and no fancy aperture ring. The X100 and other coveted street cameras like Leicas offer vintage-style shooting and double as lifestyle accessories or shoulder-carried jewelry (with prices to match). But a Ricoh GR is purely a shooter’s camera, with unabashedly modern methods of being used. Atop the camera is a typical mode dial, with customizable user presets, not an old-timey shutter speed dial.

The GR IV Monochrome takes last year’s Ricoh GR IV, strips out the color filter from the sensor, and replaces its built-in ND filter with a red filter (for one-click contrast adjustment purely using optics). Functionally, the alteration to the sensor gives the GR Monochrome an elevated ISO range of 160 to 409,600 and makes it better in low-light shooting (because color noise looks worse at high ISO than pure luminance grain). It maintains the upgrades established with the GR IV: improved autofocusing for its 28mm-equivalent f/2.8 lens, a 26-megapixel APS-C sensor, and 53GB of internal storage (supported by a microSD card slot).

1/15

The $120 Ricoh GF-2 add-on flash is a great addition for the camera. It’s best for close-up subjects, but it creates a nice high-key look in black and white.

Using the GR IV Monochrome feels just like the standard GR IV, with key functions that help it thrive in impromptu street-style shooting. It powers on and is ready to shoot in less than one second, and at any moment you can quickly full-press the shutter to forgo autofocusing and take a shot at a preset focus distance. Ricoh calls this Snap Focus, and it allows you to easily shoot from the hip with zone focusing — a staple of street photographers. The GR is all about spontaneity. Its autofocus system has face and eye detection, but it’s just a serviceable helper. The main way to use the GR is with single-point focusing and quickly moving it around the touchscreen. Many hardcore photographers will loathe its lack of an electronic viewfinder, but I’ve come to terms with its forgoing one for the sake of size.

But being forced into a black-and-white view of the world through this camera’s LCD is where the real magic happens. Any digital camera can be set to black-and-white mode, but not having the choice pushes you to look more intently at light and tonality. I pay extra attention to my compositions and seek out textures and tones I might ignore when shooting color. I know the camera can’t see color, so I mentally adjust my eye and my creativity to match — knowing there’s no bailout or reverting back to color in post. A more disciplined shooter may not feel they need all that, but I’ve shot enough on the GR IV Monochrome, other black-and-white-only cameras, and film cameras to know that I’m feasting when working with some limitations.

1/23

ISO 8000, 1/200s, f/2.8.

That’s the same ethos that drives people to go back to analog photography and digicams, or use toy-like cameras, but the GR IV Monochrome also unlocks the ability to shoot at extravagantly high ISOs in just about any light. The f/2.8 maximum aperture of the GR’s lens isn’t as fast as the f/1.7 and f/2 lenses of the Leica Q and Fujifilm X100 cameras of the world, but it’s fast enough when you barely notice much noise until ISO 25,600 and even a six-digit ISO is perfectly usable (even before denoising in post-processing software).

The other big way the GR IV sets itself apart from its Leica and Fujifilm competitors is that this camera is actually pocketable. I have ventured out of the house many times with my personal Leica Q2 slung over my shoulder, sans camera bag, ready to go on a little photo adventure or capture memories with family or friends. But it’s even easier to drop a Ricoh GR into a purse, diaper bag, or even a jacket / rear pants pocket. It turns any outing or errand into an opportunity to dabble in your creativity. These are snapshot-y moments that would usually be reserved for the camera you always have with you: your phone. But with the GR IV Monochrome, I feel more empowered and motivated to create something special and purposeful.

1/31

Here are some comparison photos between the GR IV Monochrome and the standard GR IV, including a full-range ISO test. ISO 200, 1/4s, f/5.6.

Am I creating art at the grocery store that’s worthy of the white walls of a Chelsea gallery? No. But seeing my own personal world through a black-and-white lens of such quality is enchanting. And there’s nothing wrong with feeling a little “artsy” sometimes, even if you’re just auditioning for the art critic in your own head.

The mundanity of our humdrum lives feels elevated when given the timeless quality of black and white. Lately, it’s felt even more authentic to me and worthy of appreciation, since generative AI is making so much of our world feel fake. It’s now commonplace to doubt everything we see as a possible deepfake or a dubious con — even from our own government. Black-and-white imagery still feels precious and real, at least as long as the AI-obsessed tech platforms don’t focus their Eye of Sauron of Enshittification on this niche of the medium.

A direct comparison of two images taken from our ISO test gallery. Both are taken at ISO 204800, one with the GR IV Monochrome and one with the GR IV. The Monochrome version is grainy, but it’s a usable image. The color version is a mess, and won’t look as good when converted to black and white.

To be fair, cameras that can’t shoot color aren’t new. Leica has been making its Monochrom variants of Q and M cameras for nearly 14 years. But priced at nearly $8,000 to $11,000 and up, they’re mostly unattainable to an average enthusiast. At $2,199.95, the GR IV Monochrome isn’t cheap but it’s much more grounded and feasible to own one without it being your only possession. And frankly, it’s less hoity-toity and snobbish when your second, third, or fourth camera — the “artsy” one — doesn’t cost more than a used car.

1/34

ISO 320, 1/800, f/3.2.

I’d be lying if I said that’s not part of why I dig the GR IV Monochrome so much. I’d love to one day personally own a Leica Monochrom of some sort, but it’s hard not to opt for the catch-all color camera when you’re spending that kind of money (hence why I own a Leica Q2 and not a Q2 Monochrom). But since my brain was broken by Leica and pro-level mirrorless system prices years ago, I can simultaneously look at the GR IV Monochrome and think, “$2,200? That’s not bad,” and also “GR cameras used to be like 900 bucks — what gives?”

It’s the everyday companion status of the GR IV Monochrome that makes it extra-extra special. With this little guy in your pocket, with that kind of image quality and light gathering potential, it feels like a permission slip to capture a sense of authentic wonder wherever you go. The standard GR IV is the logical version to get, allowing you to capture the vibrancy of your world. But the more hardcore GR IV Monochrome brings the romance, gritty realism, and magic.

Photography by Antonio G. Di Benedetto / The Verge

Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.

Antonio G. Di Benedetto

Technology

Samsung Messages ending? What Android owners must know

Published

9 hours ago

April 12, 2026

Press Room

Samsung Messages ending? What Android owners must know

NEWYou can now listen to Fox News articles!

You may be hearing that Samsung Messages is going away, and for many Android users, that’s true. Samsung is quietly phasing out its Samsung Messages app and moving people to Google Messages as the default texting platform with a planned cutoff around July 2026 in the U.S.

Newer Galaxy phones already come with Google Messages preinstalled, and Samsung Messages is no longer available to download on many newer devices.

That shift is real. But the way people are finding out about it is causing confusion. For many people, it starts with a text that doesn’t feel quite right. They’re checking their phone, and suddenly a text pops up warning that their messaging app is going away.

That’s exactly what happened to Gilberto of Running Springs, California. He wrote to us saying, “I just received a text on my Android phone advising me that Samsung Messages was going to end on July 6th, 2026, and that I needed to change to Google Messages. Is that true or a scam? I am a fan and enjoy your newsletter.”

MICROSOFT ‘IMPORTANT MAIL’ EMAIL IS A SCAM: HOW TO SPOT IT

Gilberto is not alone. A growing number of Android owners are seeing similar alerts, and they’re leaving people unsure what’s real and what’s a scam. Here’s what’s real, based on Samsung and Google’s latest moves.

Sign up for my FREE CyberGuy Report

Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com, trusted by millions who watch CyberGuy on TV daily.
Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Scam texts like this use urgency and official-looking language to trick you into clicking dangerous links. (Kurt “CyberGuy” Knutsson)

What’s actually happening with Samsung Messages

Samsung says Samsung Messages will be discontinued and is pushing people to switch to Google Messages. Google Messages is already the default texting app on many Galaxy phones.

Here’s what we know right now:

Newer Samsung Galaxy devices already ship with Google Messages as the default
Samsung Messages is still available on many older phones, but it is no longer the focus
Samsung says the app is expected to be discontinued in July 2026 for customers in the United States and advises checking the Samsung Messages app for the exact shutdown date
Some Galaxy phones may show an in-app notification guiding you to switch to Google Messages
Owners of newer Galaxy devices already cannot download Samsung Messages, and all devices will lose access to download it after the July 2026 cutoff

Samsung has not made a dramatic shutdown announcement inside settings or via official alerts. Instead, this is more of a phased shift tied to Google’s push for RCS messaging.

Why Samsung is moving to Google Messages

This change is not random. It’s about standardizing how texting works across Android.

Google has been pushing RCS, which stands for rich communication services. Think of it as the Android version of iMessage.

With Google Messages, you get:

Read receipts and typing indicators
High-quality photo and video sharing
Better group chats
Spam protection powered by Google
Access to newer Google features, including AI tools powered by Gemini, like suggested replies and experimental features such as image generation inside chats
Built-in security improvements, including AI-powered scam detection and stronger spam filtering to help block suspicious messages

Samsung has decided it makes more sense to partner with Google rather than maintain a separate messaging platform.

TAX SEASON SCAMS 2026: FAKE IRS MESSAGES STEALING IDENTITIES

As Samsung shifts to Google Messages, many people are receiving confusing alerts that can be easy to misinterpret. (Kurt “CyberGuy” Knutsson)

So is that text message real or a scam?

Here’s where things get tricky.

The change itself is real
The text message Gilberto received may not be

Samsung does not typically send standalone text messages with links asking you to switch apps. That creates a perfect opening for scammers.

How to tell if the message is legit

Here’s what to look for:

Signs the message could be legitimate

You see a notification inside your phone’s system settings
The alert appears within your existing messaging app
Links go directly to official sources like Google Play

Red flags that point to a scam

A random text with a link
Messages that pressure you to act quickly
Requests for login details or payment
Strange sender numbers or email-style addresses

Scammers know people are already hearing about this change, and they’re using that confusion to make their messages look real.

Taking a moment to verify a message before tapping can protect your data, your money and your identity. (Kurt “CyberGuy” Knutsson)

What you should do right now

You don’t need to panic. You just need to take control of the process.

1) Ignore the link

Even if the message looks convincing, do not tap anything inside it. It could take you to a fake site designed to steal your information. It’s also smart to have strong antivirus software on your phone, which can help block malicious links and warn you about suspicious activity before any damage is done. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

2) Check your phone manually

Open the Google Play Store and search for Google Messages. If it is already installed, you are ahead of the game. If you’re using a newer Galaxy phone, you may already have Google Messages as your default and may not see Samsung Messages at all.

3) Switch in a safe way

Open Google Messages. If it is not already installed, download it from the Google Play Store. When you open it, tap “Set default SMS app,” select Google Messages, then confirm “Set as default.”

If you do not see that prompt, go to Settings > Apps > Choose default apps > SMS app (this may appear as “Default apps” on some devices), then select Google Messages.

4) Your existing texts should appear in Google Messages

When you switch your default messaging app, your SMS and MMS message history should automatically appear inside Google Messages. Google and Samsung both indicate that existing conversations transfer during the switch. In most cases, that means you will keep your existing text messages and won’t lose your conversation history when you switch apps. It is still a good idea to open Google Messages after switching and confirm your threads are there before removing or disabling Samsung Messages.

5) Reduce your exposure online

Scammers don’t just guess your number. They often get it from data broker sites and other places where your personal information is already floating around online. That’s why it’s smart to use a data removal service, which can help remove your phone number and personal details from these sites. The less information that’s out there, the harder it is for scammers to target you with texts like this in the first place. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

What Samsung and Google are not telling you clearly

Here’s the part that frustrates many people. This transition is not being communicated in a consistent or highly visible way. Some Galaxy phones may show notices inside Samsung Messages or system prompts, but there is no single, universal alert reaching everyone at once. Instead, it’s a gradual shift tied to device updates, software versions and Google’s messaging strategy. That uneven rollout is exactly what creates confusion and gives scam texts an opening.

Who may not be affected?

Some older Samsung phones may continue to use Samsung Messages for now, especially if they are no longer receiving major software updates.

However, Samsung has not given a clear cutoff for the Android version, so the timeline can vary depending on your specific device, carrier and region.

You can check your Android version by going to Settings > About phone > Software information > Android version.

Why this matters for you

This is bigger than just switching apps.

It highlights a growing pattern:

Real tech changes create confusion
Scammers jump in immediately
People get caught in the middle

Right now, this change applies to U.S. customers, and timing may vary elsewhere. That kind of uncertainty is exactly what scammers look for, which is why it’s critical to verify any message before you act. Don’t want to use Google Messages? Here are your options

We’re hearing from readers who don’t trust Google and aren’t sure what to do, especially if family members use iPhones.

Here’s the reality:

Use Google Messages (default option): Works with everyone, including iPhones. No one else has to change anything
Use Signal for privacy: More secure, but only works if your contacts also use it
Apps like WhatsApp or Telegram: Both sides need the app

Best practical setup: Use Google Messages for everyday texting and Signal for private conversations.

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: CyberGuy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt’s key takeaways

Gilberto’s instinct to question that message was the right move. The switch to Google Messages is real, but the text he received might not be. When tech companies make quiet changes, scammers step in fast. The safest move is simple. Ignore unexpected links, verify everything yourself and make the switch on your terms, not theirs.

Should Big Tech companies be doing more to clearly warn you about major changes like this before scammers step in and fill the gap? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report

Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com trusted by millions who watch CyberGuy on TV daily.
Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Technology

The Netherlands is the first European country to approve Tesla’s supervised Full Self-Driving

Published

20 hours ago

April 11, 2026

Press Room

The Netherlands is the first European country to approve Tesla’s supervised Full Self-Driving

Dutch regulators, the RDW, announced that after over a year and a half of testing, it has officially approved Tesla’s Full-Self Driving (FSD) Supervised. This makes the Netherlands the first European country to authorize the use of FSD on its roads. This could open the door to wider adoption throughout the EU. Tesla’s European headquarters is located in Amsterdam, so it’s only fitting that the country is the first to embrace the company’s FSD.

In a statement announcing the approval, the RDW said that, “Using driver assistance systems correctly makes a positive contribution to road safety because the driver is supported in their driving tasks; it is a supplement to the driver. Through continuous strict monitoring of the driver in the vehicle, the system is safer than other driver assistance systems.”

The update implementing FSD Supervised (version 2026.3.6) has started rolling out to a limited number of users. Drivers will need to watch a tutorial and take a quiz before self-driving can be enabled, which reminds people that FSD Supervised “does not make your vehicle autonomous. Do not become complacent.”