An enormous data leak has exposed 183 million email passwords, affecting multiple providers and including millions of Gmail accounts. If you might be impacted, use reputable breach-checking tools to see whether your address appears in the dataset, enable two-factor authentication, change reused passwords immediately, and update any compromised credentials. Consider a password manager to generate unique logins for every service. Monitor your accounts for suspicious activity and beware phishing attempts exploiting news of the breach.

A colossal spill of credentials has revealed over 183 million email passwords, with tens of millions tied to Gmail, an event many security pros rank among the largest dumps ever found. The cache, about 3.5 terabytes, popped up online this month, said Troy Hunt, the Australian researcher behind Have I Been Pwned.
Hunt explained the haul was scraped over a year from “infostealer” operations, malware that quietly lifts logins and site URLs from infected computers. In a blog update, he noted the trove mixes raw stealer logs with massive credential-stuffing compilations. Another sweeping breach has pushed more than 183 million email passwords into the wild, including a huge slice belonging to Gmail users. When someone signs in to Gmail on an infected device, their address and password can be snatched and logged against gmail.com.
Hunt said the dataset holds 183 million distinct accounts, with roughly 16.4 million email addresses never previously seen in any public breach. To see whether your details are in the pile, head to HaveIBeenPwned.com and run your email. If it’s listed, you’ll get the breach date and what kind of incident it was. Synthient, the security company that gathered the logs, said the material came from criminal markets and underground Telegram channels where stolen credentials are traded in bulk. Synthient analyst Benjamin Brundage said the results highlight just how far infostealer malware has spread.
Researchers added that much of the list recycles older breaches, but millions of Gmail accounts were freshly confirmed when victims verified the exposed passwords still worked. First spotted in April and disclosed publicly last week, the leak spans not just Gmail but credentials for Outlook, Yahoo, and hundreds of other services. Hunt said the stash shows how pilfered logins resurface for years on forums, continually fueling attacks when people reuse passwords. He emphasized there was no direct break-in at Gmail itself; the theft relied on malware on users’ machines capturing their credentials.
That’s why the fallout goes well beyond inboxes, experts warned.
Because many people reuse the same password across apps, cloud storage, banks, and social feeds, attackers can ride one stolen pair into multiple accounts via automated “credential stuffing.”
“Claims of a Gmail security ‘breach’ affecting millions are wrong,” a Google spokesperson told The Post. “These reports misread updates to databases of credentials stolen by infostealers, attackers use assorted tools to harvest logins, not a single, targeted hack of one service.” “We urge users to stick to best practices: turn on 2-Step Verification, consider passkeys for stronger protection, and reset passwords when large dumps like this surface.”
Security teams worldwide urged Gmail users to move fast. “If you’re among the 183 million, change your email password now and enable two-factor authentication,” Hunt advised. UK analyst Michael Tigges of Huntress told Yahoo News that while Gmail wasn’t directly compromised, the incident should jolt anyone who relies on their browser to store passwords. “This isn’t a single breach, it’s a giant aggregation of logs from countless stealer infections,” Tigges said.
“It underlines why you must avoid sharing passwords across sites and keep tight oversight of both personal and business email security.” Security writer Graham Cluley told the Daily Mail that people should use unique passwords for every account and keep them in an encrypted password manager, not in their browser where malware can easily scrape them.
Google’s Password Manager Checkup scans Chrome’s saved logins and flags weak, reused, or breached passwords, and Google says it prompts resets when it detects big credential dumps. Researchers say most of these stolen logins were lifted via fake downloads, phishing attachments, or malicious browser extensions, often without victims noticing an infection.
Experts cautioned that criminals could monetize this database for months or years, selling verified Gmail logins to fraud rings.
Source: nypost