Credentials were for Gmail, iCloud, TikTok, Facebook, OnlyFans, Binance, multiple countries' government systems, banks, and more. It was unclear who the database belonged to, so researcher Jeremiah Fowler notified the hosting provider, who took it down as a Terms of Service violation. He said he believes the database was due to an infostealer and that it was growing during his attempts to get it taken down, highlighting that perhaps infostealers are starting to become a bigger problem.
This is a companion discussion topic for the original entry at https://www.privacyguides.org/news/2026/01/30/data-breach-roundup-jan-23-jan-29-2026