Monday, January 26, 2026

149M Credential Dump Exposed: 420,000 Binance Logins Compromised via Infostealers

A 96GB unsecured database revealing 149 million credentials, including 420,000 Binance logins, highlights a massive infostealer malware campaign targeting crypto users.

Security researcher Jeremiah Fowler has uncovered a massive 96GB database exposing 149 million unique username and password combinations. The unprotected dataset, which remained publicly accessible until recently, included approximately 420,000 credentials for Binance accounts.

The Discovery

Fowler located the open database on January 23, identifying 149,404,754 records available without password protection or encryption. The cache appears to be an aggregation of logs harvested by "infostealer" malware, malicious code that sits on a victim’s device to scrape login fields and session cookies.

"The publicly exposed database was not password-protected or encrypted. It contained 149,404,754 unique logins and passwords, totaling a massive 96 GB of raw credential data." - Jeremiah Fowler

The Crypto Vector

While the dump includes 48 million Gmail and 17 million Facebook accounts, the threat to crypto users is acute. The 420,000 Binance records likely represent users with compromised endpoints rather than a breach of the exchange itself. Because the data comes from client-side malware, 2FA bypass is possible if session cookies were also harvested alongside static credentials.

BNB traded sideways at $870 following the report, signaling the market correctly identified this as a user-security issue rather than a protocol-level failure. However, the volume of data provides ample ammunition for credential stuffing attacks across other exchanges where users may recycle passwords.

Status and Risk

The database was hosted in Canada and has since been taken offline after Fowler contacted the provider. However, the time-to-discovery gap suggests the data could already be circulating in private dark web auctions. Traders should assume any device used for these logins is infected and conduct a full forensic wipe immediately.