WEB DESK: Cybersecurity experts have issued an urgent warning after a massive database containing over 183 million email passwords, including tens of millions linked to Gmail accounts, surfaced online in one of the largest credential leaks ever recorded.
According to The Independent, the trove, roughly 3.5 terabytes of stolen data, was first detected by cybersecurity researcher Troy Hunt, who runs the breach-notification website Have I Been Pwned. Hunt said the leak was not the result of a direct Gmail hack but rather a compilation of information stolen by “infostealer” malware, which extracts login credentials from infected computers.
The stolen cache, which includes 23 billion login records from Gmail, Outlook, Yahoo, and hundreds of other platforms, was traced to criminal marketplaces and underground Telegram channels, according to cybersecurity firm Synthient. Researchers confirmed that some Gmail passwords in the dataset were still active, reflecting the scale of the threat.
Google has acknowledged the leak but clarified that its systems were not breached. A spokesperson said the credentials were harvested through malware and phishing campaigns, not a single attack on Gmail itself. The company urged users to enable two-step verification, use unique passwords, and run regular password checks through Google’s built-in tools.
Users can visit HaveIBeenPwned.com to check if their email credentials were compromised, and those affected should immediately reset their passwords and avoid reusing them across accounts.
Security analysts warned that attackers could exploit the leaked data for “credential stuffing”, where stolen username-password pairs are used to infiltrate banking, cloud, and social media platforms.
“The real danger isn’t Gmail being hacked, it’s users recycling passwords,” Hunt said, adding that complacency remains the biggest cybersecurity risk.
