For those with no time: A massive list containing around 150 million leaked passwords has been discovered – including accounts from Switzerland. You should immediately change your passwords, activate 2FA, and update your devices.
A publicly accessible database with almost 150 million leaked passwords was found online by Jeremiah Fowler. It contains e‑mail addresses, usernames, sometimes even login URLs – and demonstrably also Swiss logins. Such data collections enable account takeovers, fraud, and identity theft. We explain in simple terms what happened and how you can reliably protect yourselves now.
What exactly was discovered?
Jeremiah Fowler came across an unprotected database containing 149,404,754 records. Inside were login credentials for services such as Gmail, Yahoo, Outlook, iCloud, Facebook, Instagram, TikTok, Netflix, and more. The hosting provider took the database offline after being notified, but copies may still circulate.
Several .ch addresses also appeared. Among the mentioned services were Bluewin, Ricardo, Zalando, Parship, Mediamarkt, Interdiscount, and Ticketcorner. Even more concerning: the list included a URL leading to Raiffeisen’s e‑banking login page. According to Fowler, these are compromised user accounts, not hacked company systems.
How do our passwords end up in such lists?
Often through infostealer malware: small malicious programs that capture login credentials as you type them. Cybercriminals also use credential stuffing: they automatically test leaked username‑password combinations on multiple websites. If you reuse passwords, the likelihood of account takeover is very high.
Am I affected?
You can never know with 100% certainty.
But you can quickly check whether your e‑mail address appears in known leaks – for example using haveibeenpwned.com.
Note: Even if no match is found, your account may still be at risk because data can be resold or may not yet be publicly listed.
What you should do right now (step by step)
- Change your passwords
Start with your e‑mail accounts, then your most important services (banking, shopping, social media, cloud services, streaming).
Use strong, unique passwords for every service.
A password manager helps with this. - Activate two‑factor authentication (2FA)
Preferably via an authenticator app generating codes.
This blocks many attacks even if your password has leaked. - Update your devices and run an antivirus scan
This closes security gaps and detects potential infostealers.
Replace old devices that no longer receive security updates. - Don’t reuse passwords
Every account must have its own unique password.
This prevents chain reactions caused by credential stuffing. - Monitor your accounts
Watch for unusual logins, password resets, new orders, or money transfers.
React immediately if something seems suspicious.
Why this concerns all of us
E‑mail accounts are the key to many services: if someone controls your e‑mail, they can reset passwords and take over other accounts. That’s why leaked passwords are so dangerous – even if only one single account seems affected.
With just a few simple steps – strong passwords, 2FA, updates – you drastically reduce your risk.
Conclusion
The mega‑list discovered by Jeremiah Fowler shows that leaked passwords are not a marginal issue but everyday reality on the internet. You should act now: change your passwords, enable 2FA, secure your devices, and stop reusing passwords.
To be very clear: it is time to use a unique password for every service and to enable multi‑factor authentication everywhere it is offered – anything else is negligent.
