On Tuesday, the Department of Justice and the plaintiffs in the antitrust case against Google filed a cross-appeal, as the DOJ Antitrust Division announced in a post on X: “Today, the DOJ Antitrust Division filed notice that it will cross-appeal from the remedies decisions in its case against Google’s unlawful monopolization of internet search and search advertising.”

Just a few weeks ago, Google itself filed a notice to appeal and requested a pause on the remedies ordered by DC District Court Judge Amit Mehta last year. Those remedies included requiring Google to share search data with its rivals and barring Google from making exclusive distribution deals for its search or AI products that could hinder distribution for competitors. However, Google was ultimately not required to sell its Chrome browser and wasn’t barred from paying distribution partners for preloading or premium placement of its search or AI products.

The DOJ’s cross-appeal suggests that neither party is fully satisfied with Judge Mehta’s ruling in the case, or at least the remedies ordered in September.

It has been a rough start to the year for password security. A massive database containing 149 million stolen logins and passwords was found publicly exposed online. 

The data included credentials tied to an estimated 48 million Gmail accounts, along with millions more from popular services. Cybersecurity researcher Jeremiah Fowler, who discovered the database, confirmed it was not password-protected or encrypted. Anyone who found it could have accessed the data. 

Here is what we know so far and what you should do next.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

AI WEARABLE HELPS STROKE SURVIVORS SPEAK AGAIN

What was found in the exposed database

The database contained 149,404,754 unique usernames and passwords. It totaled roughly 96 GB of raw credential data. Fowler said the exposed files included email addresses, usernames, passwords and direct login URLs for accounts across many platforms. Some records also showed signs of info-stealing malware, which silently captures credentials from infected devices. 

Importantly, this was not a new breach of Google, Meta or other companies. Instead, the database appears to be a compilation of credentials stolen over time from past breaches and malware infections. That distinction matters, but the risk to users remains real.

Which accounts appeared most often

Based on estimates shared by Fowler, the following services had the highest number of credentials in the exposed database.

• 48 million – Gmail
• 17 million – Facebook
• 6.5 million – Instagram
• 4 million – Yahoo Mail
• 3.4 million – Netflix
• 1.5 million – Outlook
• 1.4 million – .edu email accounts
• 900,000 – iCloud Mail
• 780,000 – TikTok
• 420,000 – Binance
• 100,000 – OnlyFans

Email accounts dominated the dataset, which matters because access to email often unlocks other accounts. A compromised inbox can be used to reset passwords, access private documents, read years of messages and impersonate the account holder. That is why Gmail appearing so frequently in this database raises concerns beyond any single service.

SUPER BOWL SCAMS SURGE IN FEBRUARY AND TARGET YOUR DATA

Why the exposed database creates serious security risks

This exposed database was not abandoned or forgotten. The number of records increased while Fowler was investigating it, which suggests the malware feeding it was still active. There was also no ownership information attached to the database. After multiple attempts, Fowler reported it directly to the hosting provider. It took nearly a month before the database was finally taken offline. During that time, anyone with a browser could have searched it. That reality raises the stakes for everyday users.

This was not a traditional hack or company breach

Hackers did not break into Google or Meta systems. Instead, malware infected individual devices and harvested login details as people typed them or stored them in browsers. This type of malware is often spread through fake software updates, malicious email attachments, compromised browser extensions or deceptive ads. Once a device is infected, simply changing passwords does not solve the problem unless the malware is removed.

TIKTOK AFTER THE US SALE: WHAT CHANGED AND HOW TO USE IT SAFELY

How to protect your accounts after a massive password leak

This is the most important part. Take these steps even if everything seems fine right now. Credential leaks like this often surface weeks or months later.

1) Stop reusing passwords immediately

Password reuse is one of the biggest risks exposed by this database. If attackers get one working login, they often test it across dozens of sites automatically. Change reused passwords first, starting with email, financial and cloud accounts. Each account should have its own unique password. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse. 

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

2) Switch to passkeys where available

Passkeys replace passwords with device-based authentication tied to biometrics or hardware. That means there is nothing for malware to steal. Gmail and many major platforms already support passkeys, and adoption is growing fast. Turning them on now removes a major attack surface.

3) Enable two-factor authentication on every account

Two-factor authentication (2FA) adds a second checkpoint, even if a password is exposed. Use authenticator apps or hardware keys instead of SMS when possible. This step alone can stop most account takeover attempts tied to stolen credentials.

4) Scan devices for malware with strong antivirus software

Changing passwords will not help if malware is still on your device. Install strong antivirus software and run a full system scan. Remove anything flagged as suspicious before updating passwords or security settings. Keep your operating system and browsers fully updated as well.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

5) Review account activity and login history

Most major services show recent login locations, devices and sessions. Look for unfamiliar activity, especially logins from new countries or devices. Sign out of all sessions if the option is available and reset credentials right away if anything looks off.

6) Use a data removal service to reduce exposure

Stolen credentials often get combined with data scraped from data broker sites. These profiles can include addresses, phone numbers, relatives and work history. Using a data removal service helps reduce the amount of personal information criminals can pair with leaked logins. Less exposed data makes phishing and impersonation attacks harder to pull off.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

7) Close accounts you no longer use

Old accounts are easy targets because people forget to secure them. Close unused services and delete accounts tied to outdated app subscriptions or trials. Fewer accounts mean fewer chances for attackers to get in.

Kurt’s key takeaways

This exposed database is another reminder that credential theft has become an industrial-scale operation. Criminals move fast and often prioritize speed over security. The good news is that simple steps still work. Unique passwords, strong authentication, malware protection and basic cyber hygiene go a long way. Do not panic, but do not ignore this either.

If your email account was compromised today, how many other accounts would fall with it? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.  

The original Switch is officially Nintendo’s best-selling console of all time after surpassing the DS handheld in lifetime sales. In its latest earnings release, Nintendo reports that the Nintendo Switch has, as of December 31, 2025, sold 155.37 million units since its launch in 2017, compared to 154.02 million units for the 2004 Nintendo DS.

In November, Nintendo reported that the Switch and DS were neck and neck. We expected the holiday sales period would see the Switch surpass the DS, even with Nintendo announcing that primary development would focus on the Switch 2. Nintendo previously said that it would continue to sell the original Switch “while taking consumer demand and the business environment into consideration.”

Nintendo has to keep selling the Switch if it wants to dethrone Sony’s PlayStation 2 as the best-selling video game console of all time. The PlayStation 2, discontinued in January 2013, sold more than 160 million units over its 13-year lifespan.

Demand for the Switch 2 accelerated over the holidays, with Nintendo reporting 7.01 million units sold during the quarter covering October through December, compared to 4.54 million units in the previous quarter. In total, the Switch 2 has now sold 17.37 million units since it launched in June 2025, taking less than a year to surpass the Wii U’s 13.7 million lifetime sales.

The Switch 2 launch has helped Nintendo to drive a 51 percent increase in net profit over the first nine months of FY26, reaching ¥358.86 billion (about $2.31 billion). Net sales almost doubled during the same period, jumping to ¥1.906 trillion (about $12.2 billion) compared to ¥956.2 billion ($6.1 billion) last year. Looking ahead, Nintendo maintains its forecast to sell 19 million Switch 2 units by the end of this financial year.