A massive data leak has exposed over 183 million email passwords, including millions linked to Gmail accounts. The breach, uncovered by Australian security researcher Troy Hunt, reveals a year-long sweep of malware networks that secretly siphon usernames and passwords from infected devices.
The leaked data contains 3.5 terabytes of information, including stolen logs and credential stuffing lists. If you’re among the affected users, visiting HaveIBeenPwned.com and entering your email addresses can help determine if your credentials are compromised.
Security experts warn that most entries in the leak are recycled from older breaches, but millions of newly compromised Gmail accounts were verified when users confirmed exposed passwords matched their active credentials.
The breach is not a direct hack of Gmail but rather an attack using malware on users’ computers to capture logins. Cybersecurity analysts emphasize the importance of password hygiene and encourage users to reset their passwords immediately, enable two-factor authentication, and adopt passkeys as a stronger alternative to passwords.
Experts advise that attackers could use this database for months or years by selling verified Gmail logins to fraud networks. The real threat lies in complacency, with security experts stressing the need to avoid reusing passwords across multiple sites and instead prioritize password management best practices.
Source: https://nypost.com/2025/10/27/business/183m-email-passwords-exposed-in-data-leak-including-millions-of-gmail-accounts-heres-how-to-check-if-yours-is-safe