Around 183m Gmail accounts and their login details have been compromised and added to the Have I Been Pwned (HIBP) breach repository by its creator, cybersecurity expert and “white-hat hacker” Troy Hunt, allowing users to check whether their own account details appear in the data.
The revelation follows a number of high-profile cyberattacks on businesses including Jaguar Land Rover and Marks and Spencer, and a similar compilation detected in May 2025 that exposed more than 184m passwords for services including Apple, Facebook and Snapchat.
Hunt’s analysis shows that the newly added data, which Forbes reports stems from a compilation assembled in April of this year, consists of website addresses, email addresses and passwords. It is a combination of stealer logs and credential-stuffing lists.
Stealer logs are produced by infostealer malware and contain the credentials captured from compromised devices, typically the URL of the login page together with the email address and password typed into it. Credential-stuffing lists are large collections of stolen username-and-password pairs that attackers replay against other services in the hope that the same password has been reused. The dataset is reportedly not the result of a single breached company but a long-term aggregation of stolen credentials circulating among cybercriminals.
The total volume of data supplied to HIBP was around 3.5 terabytes, comprising 231bn records of stolen information. Most of the records came from the Synthient threat-intelligence project, which had been tracking infostealer activity for close to a year.
After examining a random sample of 94,000 entries, Hunt concluded that 92% were already known and had appeared in earlier breaches loaded into HIBP. The remaining eight per cent of the dataset, about 16.4m unique email addresses with passwords, had not appeared in any previous breach.
That previously unseen portion is the main concern for security practitioners: it means millions of credentials were stolen recently and may still be valid and usable by attackers.
Hunt also confirmed, by checking with HIBP subscribers who appeared in the data, that a subset of Gmail accounts had been directly affected: some of those users reported that the Gmail passwords listed in the dataset were still current at the time of discovery.
The risk is compounded because a Gmail address is frequently the login identifier, and the password-reset address, for many other services such as online banking, cloud storage and mobile devices. A single hijacked Gmail account can therefore be used to take over several personal or work-related accounts.
How to find out if you’re affected
The first step is to visit Have I Been Pwned, a reputable free service that lets users check whether an email address or password appears in any verified breach. Its password check never receives the password itself: the browser hashes it and sends only the first five characters of the hash, so the site cannot learn what was typed.
To run the check, enter your email address in the HIBP search box. If the address appears in the results, credentials associated with it are included in the exposed data. You should promptly change the password of the affected account and of any other service where the same password was used.
Even if the search returns nothing, keep passwords current and enable two-factor authentication (2FA) to strengthen account security.
The most obvious weakness is password reuse. Most people use the same password across several accounts because a single memorable password is convenient, and while that makes life online easier, it means one leaked password hands an attacker every account protected by it.
The latest leak underlines the fact that even the largest platforms, including Gmail, Facebook and Apple, are not immune to online crime. The exposed credentials did not necessarily come from those platforms’ servers; they were more likely harvested from users’ infected devices or from passwords reused across services.
Other good practice includes changing passwords promptly when they are known to be exposed, avoiding public Wi-Fi networks for sensitive logins, and enabling 2FA.
Google has responded, noting that the “breach” is not specific to Gmail but the result of routine, ongoing infostealer activity. A spokesperson for the tech giant told Prolific North in a statement: “Reports of a Gmail security ‘breach’ impacting millions of users are entirely inaccurate and incorrect. They stem from a misreading of ongoing updates to credential theft databases, known as infostealer activity, whereby attackers employ various tools to harvest credentials versus a single, specific attack aimed at any one person, tool or platform. We encourage users to follow best practices to protect themselves from credential theft, such as turning on 2-step verification and adopting passkeys as a stronger and safer alternative to passwords, and resetting passwords when they are exposed in large batches like this.”
What You Should Do (If you haven’t already):
- Visit Have I Been Pwned to find out whether your email address has been leaked.
- If it has, change your passwords as soon as possible, starting with Gmail and any other important accounts.
- Turn on two-factor authentication on every account that offers it.
- Stop using the same password across multiple platforms (yes, we know it’s a pain).
- Use a password manager to generate and store strong passwords, with a unique password for every account.
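The “How to find out if you’re affected” section and the checklist above describe checking a password against HIBP and avoiding reuse. The Python below is an added example, not code from the article, from HIBP or from Google. It implements the k-anonymity lookup that the HIBP Pwned Passwords API actually uses (the password is SHA-1 hashed and only the first five hex characters of the hash are sent; the server returns every known hash suffix with that prefix and its breach count), plus a small check for the same password being reused across accounts. The “leaked corpus” and the account list are constructed for the example, and the server side is simulated locally so the script runs offline; `fetch_range_live` is an optional helper for querying the real public endpoint.

```python
import hashlib
import urllib.request
from collections import defaultdict
from typing import Callable, Dict, List, Tuple

# Real public endpoint of HIBP Pwned Passwords; only used by fetch_range_live().
PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the form the Pwned Passwords API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(digest: str) -> Tuple[str, str]:
    """k-anonymity split: 5-char prefix goes over the wire, 35-char suffix stays local."""
    return digest[:5], digest[5:]


# Constructed stand-in for a leaked-password corpus: password -> times seen.
# These are NOT real HIBP counts; they exist only so the demo has something to hit.
CONSTRUCTED_LEAKED: Dict[str, int] = {
    "password": 12345,
    "123456": 99999,
    "letmein": 321,
}


def build_range_table(leaked: Dict[str, int]) -> Dict[str, List[str]]:
    """Group the corpus by hash prefix, exactly as the range endpoint serves it."""
    table: Dict[str, List[str]] = defaultdict(list)
    for pw, count in leaked.items():
        prefix, suffix = split_hash(sha1_hex(pw))
        table[prefix].append(f"{suffix}:{count}")
    return table


def simulated_range_lookup(prefix: str, table: Dict[str, List[str]]) -> str:
    """Mimics GET /range/{prefix}: one 'SUFFIX:COUNT' line per matching hash."""
    return "\r\n".join(table.get(prefix.upper(), []))


def fetch_range_live(prefix: str) -> str:
    """Query the real API for a hash prefix (network access required; not run here)."""
    req = urllib.request.Request(PWNED_RANGE_URL + prefix.upper(),
                                 headers={"User-Agent": "hibp-range-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def parse_range_response(body: str) -> Dict[str, int]:
    """Turn the 'SUFFIX:COUNT' lines into a suffix -> count map."""
    hits: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        hits[suffix.upper()] = int(count)
    return hits


def pwned_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """How many times the password appears in breaches; 0 if unseen.

    The full hash never leaves this function: the prefix is sent, the suffix
    is compared locally against whatever came back.
    """
    prefix, suffix = split_hash(sha1_hex(password))
    hits = parse_range_response(fetch_range(prefix))
    return hits.get(suffix, 0)


def reused_passwords(accounts: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each password hash used by more than one account to those accounts."""
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for account, pw in accounts.items():
        by_hash[sha1_hex(pw)].append(account)
    return {h: sorted(a) for h, a in by_hash.items() if len(a) > 1}


if __name__ == "__main__":
    table = build_range_table(CONSTRUCTED_LEAKED)
    offline = lambda prefix: simulated_range_lookup(prefix, table)
    # Constructed account list for the reuse check; not real credentials.
    accounts = {"gmail": "password", "bank": "password", "shop": "letmein"}
    for acct, pw in accounts.items():
        print(f"{acct}: seen {pwned_count(pw, offline)} times in the (constructed) corpus")
    print("reused:", reused_passwords(accounts))
```

Swap `offline` for `fetch_range_live` to run the same logic against the real service; the prefix/suffix split is what keeps the password itself off the wire in both cases.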