...
...
Next Story

183 million email passwords leaked in data breach: Is your Gmail safe? How to protect your data?

The massive leak reportedly exposed over 183 million email passwords. It also contains several passwords linked to Gmail accounts.

Published on: Oct 28, 2025 03:36 AM IST
Advertisement

A massive data breach has reportedly put millions of email users at risk, including accounts associated with Google’s Gmail. Troy Hunt, an Australian security researcher who runs the breach-notification site Have I Been Pwned, claimed that the stolen trove, which has surfaced online, contains 3.5 terabytes of data.

183 million passwords leaked:

The leak reportedly contains 3.5 terabytes of data. (Unsplash)
The leak reportedly contains 3.5 terabytes of data. (Unsplash)

The compromised dataset contains 183 million unique accounts and about 16.4 million addresses that have not been affected by previous breaches, reported the New York Post.

Also Read: These passwords can be hacked within 1 second. Full list here

How to check if your password is compromised?

The outlet reported that users can visit HaveIBeenPwned.com to check if their credentials have been compromised. The site gives a detailed timeline of a flagged email breach.

What to do next?

If a user’s email address is flagged, the first thing to do is change the password and enable two-factor authentication. Hunt wrote, “If you’re one of the 183 million people affected, you need to change your email password immediately and enable two-factor authentication if you haven’t already.”

How was the data stolen?

“Someone logging into Gmail, for example, ends up with their email address and password captured against gmail.com,” Hunt wrote, adding that three things are leaked in the process, “website address,” “email address,” and “password.”

Was Gmail breached?

“Reports of a Gmail security ‘breach’ impacting millions of users are entirely inaccurate and incorrect,” a Google spokesperson told the outlet.

Also Read: Why You Should Use a Password Manager for All Your Secrets, Not Just Logins

“They stem from a misreading of ongoing updates to credential theft databases, known as infostealer activity, whereby attackers employ various tools to harvest credentials versus a single, specific attack aimed at any one person, tool or platform,” the spokesperson continued.

“We encourage users to follow best practices to protect themselves from credential theft, such as turning on 2-step verification and adopting passkeys as a stronger and safer alternative to passwords, and resetting passwords when they are exposed in large batches like this.”

 
ABOUT THE AUTHOR
Trisha Sengupta

Trisha Sengupta works as Chief Content Producer at Hindustan Times with over six years of experience in the digital newsroom. Known for her ability to decode the internet’s most talked-about moments, she specialises in high-engagement storytelling that bridges the gap between viral trends and traditional journalism. Throughout her tenure, Trisha has focused on the intersection of technology, finance, and human emotion. She frequently covers personal finance and real estate struggles in hubs like Gurgaon, Bengaluru, and Hyderabad, while also documenting the unique challenges of the NRI experience. Her work often highlights the movements and philosophies of global newsmakers and personalities like Elon Musk, Mukesh Ambani, Nikhil Kamath, Dubai crown prince, and MrBeast. From reporting on Amazon or Meta layoffs and startup culture to the emergence of AI-driven platforms like Grok and xAI, she provides a grounded and empathetic perspective on the stories shaping our world. When not decoding the internet, Trisha is likely offline: lost in a book, exploring a historical ruin, or navigating the world as a solo traveler. She balances her fast-paced career with family time and a healthy dose of curiosity, currently trading her "human" sources for silicon ones as she masters AI to future-proof her storytelling.

SHARE THIS ARTICLE ON