A massive cybersecurity alert has been issued after a colossal database containing 183 million email addresses and passwords surfaced online, exposing login credentials for Gmail, Outlook, Yahoo, and other major services. The leaked data, now part of the “Have I Been Pwned” breach-tracking platform, originated from years of “infostealer” malware infections that compromised users’ personal computers. Experts warn that the stolen credentials could be used in large-scale hacking attempts.
The 3.5-terabyte data cache was shared with HIBP by the threat intelligence firm Synthient and primarily includes “stealer logs.” These logs record users’ sensitive information, including website URLs, email addresses, and passwords. Cybersecurity researcher Troy Hunt confirmed that a significant number of credentials belonged to Gmail users, making this one of the largest collections of exposed personal data ever discovered online.
Read more : Google faces possible €525 million fine in France over gmail ad …
Furthermore, the initial investigation revealed that around 92% of the leaked credentials came from previously known breaches, while nearly 16.4 million email addresses were newly exposed and had never been identified in any earlier data leaks. Hunt also verified the authenticity of the dump after one subscriber confirmed their Gmail password matched the leaked data, raising serious concerns about widespread vulnerability.
In response, Google clarified that its systems remain secure and that there has been no direct breach of Gmail’s infrastructure. The company emphasized that reports of a “Gmail hack” are misleading, as the data came from infostealer malware on users’ devices rather than from Google’s servers. However, Google urged users to take immediate precautions to safeguard their accounts against potential misuse.
Read more : France slaps google with massive fine over gmail ads
To enhance protection, Google advised all users to check whether their email addresses were compromised using the free HIBP tool, enable two-factor authentication, and create strong, unique passwords for each account. Additionally, users are encouraged to switch to passkeys for enhanced login security and to change their passwords immediately if found in any breach. Experts stress that adopting these preventive measures can drastically reduce the risk of account hijacking and identity theft.