A large-scale data leak involving more than 183 million user credentials, including Gmail passwords, has been confirmed, reigniting concerns about online security.
Cybersecurity experts have traced the breach to a vast database containing login details, website URLs, and email addresses collected from “stealer logs” — malicious files used by hackers to capture user credentials.
According to Forbes, the database was added to the Have I Been Pwned (HIBP) system on 21 October 2025, confirming that millions of compromised passwords were circulating online.
HIBP founder Troy Hunt said the leak involved 3.5 terabytes of data spread across 23 billion entries.
“Someone logging into Gmail ends up with their email address and password captured against gmail.com,” Hunt explained, noting that this leak represents both recycled and newly compromised accounts.
The breach, dubbed the Synthient Stealer Log Threat Data, includes credentials not just from Google but also from Apple, Facebook, and Instagram users. Initial analysis shows that roughly 92% of the leaked information was old and had appeared in previous data dumps.
However, the remaining 8% — approximately 16.4 million accounts — were entirely new, meaning these passwords had never been exposed before.
Hunt said HIBP verified the authenticity of the stolen Gmail data by contacting affected subscribers.
“One of the respondents confirmed that the entry was an accurate password on my Gmail account,” he wrote.
This verification confirmed that some of the newly leaked Gmail passwords were active and valid.
The data was reportedly gathered from information-stealing malware that records login credentials when victims unknowingly install infected software or browser extensions.
Cybersecurity firm Synthient, which provided the dataset to HIBP, said the breach was the result of nearly a year’s worth of monitoring across several hacker platforms.
The firm’s analyst, Benjamin Brundage, described the findings as “an alarming window into how widespread credential theft has become.”
The breach is part of a rising global trend in password theft. In early 2025, a similar leak exposed more than 184 million login details from popular platforms, prompting tech companies to tighten their security policies.
Google, which has not yet released an official statement on this latest incident, is expected to advise users to reset their passwords and enable two-factor authentication.
Security experts are urging the public to check whether their accounts have been affected by visiting haveibeenpwned.com and entering their email addresses. If an account appears in the database, users should change their passwords immediately and avoid reusing them across different platforms.
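The check described above can also be done programmatically without sending the password anywhere. HIBP's Pwned Passwords service uses a k-anonymity scheme: the client hashes the password with SHA-1, sends only the first five hex characters of the hash, and receives every suffix in that range with a count of how often it has appeared in breach corpora; matching the full suffix happens locally. The example below is added here and is not code from the article, from HIBP or from Synthient. It assumes the publicly documented `https://api.pwnedpasswords.com/range/{prefix}` endpoint and its optional `Add-Padding: true` request header; the sample range response embedded in the block is constructed for this example so it runs offline, and the live fetcher is provided only as an optional path.

```python
"""k-anonymity lookup against a Pwned-Passwords-style range API (added example)."""
import hashlib
import urllib.request
from typing import Callable, Dict

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # documented HIBP endpoint

# Constructed sample of a range response for prefix 5BAA6 (the SHA-1 prefix of the
# well-known test string "password"). Real responses have the same shape:
# one "SUFFIX:COUNT" per line, 35 hex characters of suffix. The counts here are
# made up; padding entries with a count of 0 are included to show how to skip them.
SAMPLE_RANGES: Dict[str, str] = {
    "5BAA6": (
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234567\r\n"
        "00000000000000000000000000000000001:2\r\n"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:0\r\n"   # padding entry, not a real hit
    ),
}


def sha1_upper(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the digest the range API is keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(digest: str):
    """Split a 40-char SHA-1 hex digest into the 5-char prefix sent and the 35-char suffix kept local."""
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict; entries with count 0 (padding) are dropped."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        n = int(count)
        if n > 0 and len(suffix) == 35:
            counts[suffix.upper()] = n
    return counts


def fetch_range_sample(prefix: str) -> str:
    """Offline fetcher backed by the constructed SAMPLE_RANGES table."""
    return SAMPLE_RANGES.get(prefix.upper(), "")


def fetch_range_live(prefix: str) -> str:
    """Optional network fetcher for the real API; only the 5-char prefix leaves the machine."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, fetch_range: Callable[[str], str] = fetch_range_sample) -> int:
    """Return how many times the password appears in the corpus, 0 if never seen.

    The full hash is never transmitted: the prefix selects a bucket, and the
    suffix comparison is performed on the client.
    """
    prefix, suffix = split_hash(sha1_upper(password))
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for candidate in ("password", "a-long-unique-passphrase-nobody-reused"):
        hits = breach_count(candidate)
        verdict = f"seen {hits} times, change it" if hits else "not in sample corpus"
        print(f"{candidate!r}: {verdict}")
```

Because the sample table only covers one prefix, any other password resolves to an empty range and a count of 0; swap `fetch_range_live` in as the `fetch_range` argument to query the real service. Treating a zero count as "not found" is what makes the padded response mode safe to use.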
Hunt also emphasised the importance of using password managers to generate strong, unique passwords and warned against clicking on suspicious links or downloading unverified applications.
“If you reuse your passwords, and please don’t do that, it will mean changing them at every single account where they are repurposed,” he said.