Google has responded to yesterday’s reports of a “breach” affecting some 183m Gmail accounts, claiming that the “breach” description is inaccurate, and that the compromised account details are in fact the result of “standard ongoing infostealer activity” which is neither unique, nor specific to Google.
A spokesperson for the tech giant told Prolific North in a statement: “Reports of a Gmail security “breach” impacting millions of users are entirely inaccurate and incorrect. They stem from a misreading of ongoing updates to credential theft databases, known as infostealer activity, whereby attackers employ various tools to harvest credentials versus a single, specific attack aimed at any one person, tool or platform. We encourage users to follow best practices to protect themselves from credential theft, such as turning on 2-step verification and adopting passkeys as a stronger and safer alternative to passwords, and resetting passwords when they are exposed in large batches like this.”
READ MORE: 183m Gmail accounts leaked in latest online data breach – are you affected?
The reports stemmed from an update to the to the Have I Been Pwned (HIBP) repository by its developer, cybersecurity expert and “ethical hacker” Troy Hunt. The update, reportedly related to data leak in April of this year, followed a number of high-profile cyberattacks on businesses including Jaguar Land Rover and Marks and Spencer, and follows a similar leak that was detected in May 2025, that exposed more than 184m in passwords for services including Apple, Facebook and and Snapchat.
The data exposed in the latest leak included web addresses, emails, and passwords, components which were identified as being the result of a combination of stealer logs and credential-stuffing collections. After scrutinising a random selection of 94,000 entries, HIBP’s Hunt concluded that 92% were pre-existing and had already appeared earlier in earlier data compromises, meaning that eight per cent of the data set, or about 16.4m unique email addresses and passwords, had never been exposed to a previous breach.
Google additionally supplied some security top tips for users concerned about their data security:
- This is ongoing infostealer activity that happens across the web, with attackers employing various tools to harvest credentials – it’s a not a single, specific attack aimed at any one person, tool or platform
- Please see more detail on setting up passkeys and what to do if you think your account has been hacked.
- Additionally, to help users, we have a process for resetting passwords when we come across large credential dumps such as this. See this page for more information.
