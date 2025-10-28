A massive data breach has reportedly put millions of email users at risk, including accounts associated with Google’s Gmail. Troy Hunt, an Australian security researcher who runs the breach-notification site Have I Been Pwned, claimed that the stolen trove, which has surfaced online, contains 3.5 terabytes of data. The leak reportedly contains 3.5 terabytes of data. (Unsplash)

183 million passwords leaked:

The compromised dataset contains 183 million unique accounts and about 16.4 million addresses that have not been affected by previous breaches, reported the New York Post.

How to check if your password is compromised?

The outlet reported that users can visit HaveIBeenPwned.com to check if their credentials have been compromised. The site gives a detailed timeline of a flagged email breach.

What to do next?

If a user’s email address is flagged, the first thing to do is change the password and enable two-factor authentication. Hunt wrote, “If you’re one of the 183 million people affected, you need to change your email password immediately and enable two-factor authentication if you haven’t already.”

How was the data stolen?

In a blog post, Hunt explained that the leaked credentials were captured through Stealer logs, which are a series of data files generated and compiled by malicious software known as infostealers.

“Someone logging into Gmail, for example, ends up with their email address and password captured against gmail.com,” Hunt wrote, adding that three things are leaked in the process, “website address,” “email address,” and “password.”

Was Gmail breached?

“Reports of a Gmail security ‘breach’ impacting millions of users are entirely inaccurate and incorrect,” a Google spokesperson told the outlet.

“They stem from a misreading of ongoing updates to credential theft databases, known as infostealer activity, whereby attackers employ various tools to harvest credentials versus a single, specific attack aimed at any one person, tool or platform,” the spokesperson continued.

“We encourage users to follow best practices to protect themselves from credential theft, such as turning on 2-step verification and adopting passkeys as a stronger and safer alternative to passwords, and resetting passwords when they are exposed in large batches like this.”