183 million Gmail passwords leaked. Getty Images
A massive data breach has once again put millions of online users at risk. Around 183 million login credentials, including confirmed Gmail accounts, have surfaced in a newly reported database leak.
The breach, added to the Have I Been Pwned (HIBP) database on October 21, contained a staggering number of email addresses, passwords, and website URLs — raising fresh concerns over digital privacy.
Cybersecurity expert Troy Hunt, who manages HIBP, revealed that the data originated from “stealer logs and credential stuffing lists,” many linked to Gmail.
Inside the Massive Breach
The discovery follows a similar leak reported earlier this year that exposed over 184 million credentials belonging to users of major platforms such as Apple, Facebook, and Instagram. This latest breach appears connected, surfacing from data collected between mid-2024 and early 2025.
The information, supplied by cybersecurity firm Synthient, reportedly came from infostealer platforms that secretly capture user data through malware. Over the course of nearly a year, Synthient gathered 3.5 terabytes of stolen information, totaling 23 billion data rows.
Hunt explained that most of the logs included three essential pieces of information — a website address, an email, and a password. “Someone logging into Gmail ends up with their email address and password captured against gmail.com,” he said.
Not All Old Data — Millions of New Passwords Found
Before publishing the database, Hunt and his team verified its authenticity. Their analysis of a 94,000-sample set showed that 92% of the entries had appeared in earlier leaks, mainly in the ALIEN TXTBASE stealer logs.
But what remains alarming is the 8% of new, unseen credentials — equivalent to over 16 million fresh email and password combinations. That means millions of accounts, including Gmail users, were compromised for the first time.
To confirm the legitimacy of the data, Hunt reached out to some subscribers listed in the breach. One affected user confirmed that the password tied to his Gmail account was indeed accurate.
Why You Should Check Your Account Now
The leak is not limited to Gmail users alone. With credential reuse still common, millions of people may unknowingly be at risk across various online services.
Experts are urging everyone to check whether their credentials appear in the new breach by visiting HaveIBeenPwned.com, a free tool that alerts users when their information is found in compromised datasets.
If your email address appears in the breach, change your password immediately. Cybersecurity specialists also recommend enabling two-factor authentication (2FA) and avoiding password reuse across multiple platforms.
A Growing Threat in the Digital Age
This breach is yet another reminder of how vast the underground market for stolen credentials has become. With billions of records circulating across dark web forums, even a small percentage of new data represents millions of active accounts.
As digital threats continue to evolve, experts stress that strong, unique passwords and proactive monitoring are no longer optional — they are essential.
