A newly published incident report describes a massive credential exposure involving 149,404,754 unique logins and passwords stored in a publicly accessible database. Cybersecurity researcher Jeremiah Fowler says the dataset was not password-protected and not encrypted, and it contained about 96 GB of raw credential data. In addition to usernames and passwords, many records also included the exact login URLs, which can speed up automated account takeover attempts.