A massive data leak containing over 183 million email passwords has been discovered online. The leak is a significant risk to users worldwide, according to reports and an official statement by Google.
Early findings show that the breach includes credentials linked to Gmail and other services. It was confirmed by security expert Troy Hunt, founder of the breach-notification service “Have I Been Pwned.”
The Scale of the Breach
The stolen data trove is reported to be a massive 3.5 terabytes in size. According to analyses, it contains 183 million unique email accounts. Approximately 16.4 million of these addresses did not appear in any previously known breach, making them newly compromised.
How the Data Was Stolen: The Infostealer Method
Rather than coming from a direct hack of email providers, the credentials were harvested through “infostealer” malware. As Troy Hunt explained in a blog post, these malicious programs infect individual computers and record everything a user types, including website addresses, email addresses, and passwords when they log into services like Gmail.
Google’s Official Statement
In response to reports, a Google spokesperson clarified that this was not a breach of Gmail’s security systems. The spokesperson stated, “Reports of a Gmail security ‘breach’… are entirely inaccurate and incorrect,” explaining that the leak stems from “infostealer activity” that harvests credentials from individual users’ devices rather than a direct attack on Google.
What You Need to Do Now
If your email was part of this leak, immediate action is required to secure your account.
- Check Your Status: Visit HaveIBeenPwned.com to see if your email address was compromised.
- Change Passwords Immediately: If you are affected, change the password for your email account and any other accounts that use the same password.
- Enable Two-Factor Authentication (2FA): This adds a critical layer of security, requiring a second form of verification beyond just your password.
- Consider Passkeys: Google recommends adopting passkeys as a stronger and safer alternative to traditional passwords.
This incident serves as a critical reminder for all internet users to practice robust password hygiene and enable advanced security features like 2FA to protect their digital identities.