A large-scale data leak involving more than 183 million user credentials, including Gmail passwords, has been confirmed, reigniting concerns about online security.
Update (27 October 2025): A Google spokesperson has clarified that the data referenced in this report stems from ongoing “infostealer” activity and is not a specific Gmail security breach. The company urges users to adopt two-step verification and passkeys for added protection. Read the full statement at the end of this article.
Cybersecurity experts have traced the breach to a vast database containing login details, website URLs, and email addresses collected from “stealer logs” — files produced by information-stealing malware that record the credentials it captures from infected machines.
According to Forbes, the database was added to the Have I Been Pwned (HIBP) system on 21 October 2025, confirming that millions of compromised passwords were circulating online.
HIBP founder Troy Hunt said the leak involved 3.5 terabytes of data spread across 23 billion entries.
“Someone logging into Gmail ends up with their email address and password captured against gmail.com,” Hunt explained, noting that this leak represents both recycled and newly compromised accounts.
The breach, dubbed the Synthient Stealer Log Threat Data, includes credentials not just from Google but also from Apple, Facebook, and Instagram users. Initial analysis shows that roughly 92% of the leaked information was old and had appeared in previous data dumps.
However, the remaining 8% — approximately 16.4 million accounts — were entirely new, meaning these passwords had never been exposed before.
Hunt said HIBP verified the authenticity of the stolen Gmail data by contacting affected subscribers.
“One of the respondents confirmed that the entry was an accurate password on my Gmail account,” he wrote.
This verification confirmed that some of the newly leaked Gmail passwords were active and valid.
The data was reportedly gathered from information-stealing malware that records login credentials when victims unknowingly install infected software or browser extensions.
Cybersecurity firm Synthient, which provided the dataset to HIBP, said the data was compiled from nearly a year’s worth of monitoring across several hacker platforms.
The firm’s analyst, Benjamin Brundage, described the findings as “an alarming window into how widespread credential theft has become.”
The breach is part of a rising global trend in password theft. In early 2025, a similar leak exposed more than 184 million login details from popular platforms, prompting tech companies to tighten their security policies.
Google, which has not yet released an official statement on this latest incident, is expected to advise users to reset their passwords and enable two-factor authentication.
Security experts are urging the public to check whether their accounts have been affected by visiting haveibeenpwned.com and entering their email addresses. If an account appears in the database, users should change their passwords immediately and avoid reusing them across different platforms.
Hunt also emphasised the importance of using password managers to generate strong, unique passwords and warned against clicking on suspicious links or downloading unverified applications.
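An added example, not from the article or from HIBP's own tooling, of the safer way to check a password against the HIBP Pwned Passwords corpus: the range API is queried with only the first five hex characters of the password's SHA-1 hash, so the password itself never leaves the machine, and the match is made locally against the returned suffixes. The range response below is constructed (counts are made up); `fetch_range` shows the live request but the demo runs offline.

```python
import hashlib
import urllib.request

# Constructed stand-in for the body returned by
# GET https://api.pwnedpasswords.com/range/5BAA6 (real responses hold hundreds
# of lines; counts here are invented). Each line is "<35 hex suffix>:<count>".
# A ":0" line is what padded responses look like (header "Add-Padding: true").
SAMPLE_RANGE_RESPONSE = """\
0018A45C4D1DEF81644B54AB7F969B88D65:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:10000000
1E4C9B93F3F0682250B6CF8331B7EE68FD9:0
"""

def split_sha1(password: str) -> tuple[str, str]:
    """Return (prefix, suffix): first 5 hex chars of SHA-1(password), and the other 35."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; tolerate CRLF and blank lines."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts

def exposure_count(password: str, range_body: str) -> int:
    """How many times the password appears in the given range body (0 if absent)."""
    _prefix, suffix = split_sha1(password)
    return parse_range_response(range_body).get(suffix, 0)

def fetch_range(prefix: str) -> str:
    """Live lookup: only the 5-char hash prefix is sent. Not called in the offline demo."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "hibp-range-demo"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

if __name__ == "__main__":
    n = exposure_count("password", SAMPLE_RANGE_RESPONSE)
    print(f"'password' seen {n} times in the (constructed) range response")
```

For a real check, replace `SAMPLE_RANGE_RESPONSE` with `fetch_range(split_sha1(pw)[0])`; any non-zero count means the password should be treated as exposed and replaced everywhere it is reused.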
“If you reuse your passwords, and please don’t do that, it will mean changing them at every single account where they are repurposed,” he said.
Google Responds:
“Reports of a Gmail security “breach” impacting millions of users are entirely inaccurate and incorrect. They stem from a misreading of ongoing updates to credential theft databases, known as infostealer activity, whereby attackers employ various tools to harvest credentials versus a single, specific attack aimed at any one person, tool or platform. We encourage users to follow best practices to protect themselves from credential theft, such as turning on 2-step verification and adopting passkeys as a stronger and safer alternative to passwords, and resetting passwords when they are exposed in large batches like this.” – a Google spokesperson