Google has repeatedly denied a fake claim that it suffered a data breach exposing 183 million Gmail accounts. The company stated that the compromised accounts were actually stolen from various sources, including information-stealing malware and other attacks over the years.
The claim began over the weekend and was widely reported by news outlets before being debunked by Google on Monday. However, this was not an isolated incident, as it is one of several instances in recent years where false data breach claims have spread rapidly online without verification.
Google’s explanation stated that infostealer databases regularly compile various credential theft activity across the web, and it is not reflective of a new attack aimed at any one person or platform. The company also clarified that there was no major Gmail security issue warning issued to users.
While the claims are false, exposed credentials can still be harmful. Threat actors commonly use them to breach corporate networks and carry out devastating attacks. However, reports of unfounded data breaches do not help anyone and cause undue stress for platform users and business customers.
Google had previously denied a similar claim that 2.5 billion Gmail accounts were compromised last month after the same news sites sensationalized it from a Salesloft breach impacting a small number of Google Workspace accounts.
Source: https://www.bleepingcomputer.com/news/security/google-disputes-false-claims-of-massive-gmail-data-breach