A major data breach has reportedly exposed millions of email accounts to potential risk, including those linked to Google’s Gmail. According to Australian security researcher Troy Hunt, who operates the breach-notification site Have I Been Pwned, the leaked dataset, now circulating online, contains approximately 3.5 terabytes of stolen information.
According to the New York Post, the compromised dataset includes 183 million unique accounts, with roughly 16.4 million email addresses that have not appeared in any previous breaches.
How to check if your password was compromised
Users can visit HaveIBeenPwned.com to see if their credentials have been exposed. The website provides a detailed history and timeline of any detected email breaches.
If your email address appears in the breach, immediately change your password and enable two-factor authentication. As Troy Hunt advised, “If you’re one of the 183 million people affected, you need to change your email password immediately and enable two-factor authentication if you haven’t already.”
How the data was stolen
In a blog post, Hunt explained that the leaked information originated from stealer logs, data files collected and compiled by malicious software known as infostealers, which are designed to extract login credentials and other sensitive information from infected devices.
Troy Hunt explained that when someone logs into a service like Gmail, their login details can be captured by malicious software. “Someone logging into Gmail, for example, ends up with their email address and password recorded alongside gmail.com,” he wrote, noting that three pieces of information are typically exposed in such cases: the website address, email address, and password.
Was Gmail breached?
A Google spokesperson clarified that reports of a widespread Gmail “breach” affecting millions of users are “entirely inaccurate and incorrect.” “These claims result from a misunderstanding of ongoing updates to credential theft databases, known as infostealer activity, where attackers use various tools to collect login information, rather than a targeted breach against any single user, service, or platform,” the spokesperson explained.
Google emphasised the importance of following strong security practices, advising users to enable two-step verification, switch to passkeys for enhanced protection, and promptly reset passwords if their credentials appear in large-scale leaks like this one.
Comments