183 million stolen Gmail credentials, sourced from malware rather than a direct breach of Google, can now be checked on Have I Been Pwned. Change your passwords and enable 2FA to secure your account.
Emails and passwords have circulated freely on an anonymous online platform. The information, stemming from computers infected by malware, involved not only Gmail accounts but also those from Apple, Facebook, and Instagram. The incident, unveiled on October 28 by Forbes and confirmed by Australian expert Troy Hunt, highlighted the extensive threat posed by “infostealers.”
A Massive Breach with Complex Origins
The alert was issued on October 21, 2025, following the addition of a new data set to the Have I Been Pwned (HIBP) database, a global reference for tracking data breaches.
The discovered 3.5 terabytes of information contained 183 million unique accounts, including 16.4 million addresses never exposed before.
According to Synthient, the cybersecurity platform behind the discovery, the data was gathered over a year of monitoring forums and dark web marketplaces where infostealer logs circulate.
This breach is the result of an aggregation of thousands of isolated thefts. Infostealer malware such as RedLine and Vidar collected credentials stored on compromised computers, and those collections were then compiled into one enormous file.
These stealer logs contain email addresses, passwords, and sometimes the exact URLs where these credentials were utilized.
No Breach at Google, But Compromised Data
In light of the widespread panic, Google sought to clarify the situation. In a statement, the company denied any breach in its systems: “Reports of a security breach in Gmail are inaccurate. They represent a misunderstanding of activities related to data stolen from credential thefts,” a spokesperson stated.
In other words, Gmail was not hacked. Accounts were compromised either by malware on the users' own devices or through reuse of passwords that had already been stolen from other sources.
Consequently, the incident did not arise from an internal flaw. It results from a collective negligence of users and the ongoing proliferation of stolen credentials.
Despite this clarification, the discovery of so many Gmail accounts in the stolen data set is concerning. According to Troy Hunt, “Gmail remains the top affected service simply because it is the most widely used.”
Experts are warning about the risks of credential stuffing, a technique that involves automatically testing the same email/password pair across multiple sites until valid access is obtained.
How to Know If Your Gmail Account Has Been Hacked
The first step is to check your email address on Have I Been Pwned. By entering an address, anyone can see whether it appears in a known breach. The service is free and reliable, and it now covers the new set of 183 million accounts.
If your email address appears, the immediate reaction should be to change the affected password and any other password that resembles it.
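Beyond checking an email address, HIBP also lets you test whether a password itself has appeared in leaked data without ever sending the password anywhere. The following Python is an added example, not code from the article or from HIBP: it talks to the real Pwned Passwords range endpoint, sends only the first five characters of the password's SHA-1 hash (k-anonymity), and matches the remaining 35 characters locally; the sample response embedded below is constructed so the logic can be exercised offline.

```python
import hashlib
import urllib.request

# Real HIBP Pwned Passwords range endpoint; only a 5-character hash prefix is ever sent.
HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/"

def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the uppercase SHA-1 hex digest into the 5-char prefix sent to HIBP
    and the 35-char suffix that is matched locally and never transmitted."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def count_in_range_response(suffix: str, body: str) -> int:
    """Parse a range response (one 'SUFFIX:COUNT' per line) and return how
    often the password was seen, or 0 when the suffix is absent."""
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0

def fetch_range(prefix: str) -> str:
    """Network call: download every hash suffix sharing the 5-char prefix.
    Add-Padding asks HIBP to pad the response so its size leaks nothing."""
    req = urllib.request.Request(
        HIBP_RANGE_URL + prefix,
        headers={"User-Agent": "pwned-password-check", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def pwned_count(password: str, fetch=fetch_range) -> int:
    """Return how many times HIBP has seen this password in leaked data."""
    prefix, suffix = sha1_prefix_suffix(password)
    return count_in_range_response(suffix, fetch(prefix))

# Constructed sample response for offline use (not real HIBP data). It mimics
# the range for prefix 5BAA6, which SHA-1("password") falls into; the last
# entry imitates a padding line, which HIBP sends with count 0.
SAMPLE_RESPONSE = (
    "0018A45C4D1DEF81644B54AB7F969B88D65:1\r\n"
    "003D68EB55068C33ACE09247EE4C639306B:3\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\r\n"
    "00A1B2C3D4E5F60718293A4B5C6D7E8F901:0\r\n"
)

if __name__ == "__main__":
    # Offline run against the constructed sample instead of the live API.
    print("seen", pwned_count("password", fetch=lambda p: SAMPLE_RESPONSE), "times")
```

Call `pwned_count("...")` without the `fetch` argument to query the live service; a non-zero count means the password should be retired everywhere it is used.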
Even if your Gmail account has not been hacked, caution remains crucial. Specialists recommend avoiding identical passwords across multiple platforms. Moreover, it is advisable to use password managers built into Chrome, Safari, or Firefox.
Google strongly encourages enabling two-factor authentication (2FA). This protection adds a step—often a code sent to your phone—before allowing access.
Experts also recommend regularly changing your credentials and avoiding logins on public Wi-Fi networks without a VPN. It is best to use long passwords—at least 16 characters—combining uppercase letters, numbers, and symbols.
Finally, it is important to monitor for unusual login alerts on Gmail and other services. As researcher Graham Cluley points out, “it’s impossible to remember all your complex passwords; you need to delegate that task to a secure manager.”