Gmail Users Alert: 183 Million Passwords Leaked in Security Breach

Another leak with 183 million email addresses and passwords has been posted. It consists of verified Gmail accounts. The breach was verified by a cybersecurity expert named Troy Hunt of Have I Been Pwned (HIBP).

Site URLs, email addresses and plain-text passwords are found in the dump. It is based on infostealer malware and credential stuffing lists generated in April 2025. According to Hunt, the database is 3.5 TB, and it contains approximately 23 billion records of logins.

HIBP confirmed the breach to be true by confirming that one Gmail password had been used. That is a major cause of concern, since the acquisition of a Gmail account could give attackers the authority over other related services.

Of 94,000 records, Hunt discovered an approximation of 92% had been present in older leaks. This amounted to more than 14 million fresh credentials in the entire dataset, with an approximate number of 8% of them new.

The information does not affect only Gmail, but numerous other worldwide sites. Attackers can still target the appropriate sites with the use of automated credential-stuffing attacks since every record contains a service URL.

What Users Should Do

Users have been advised by experts to:

• See their exposure at Have I Been Pwned.
• Stop using the same passwords and change them now, beginning with Gmail.
• Unless you are absolutely certain of your account, turn on two-factor authentication (2FA).
• Apply different passwords to each service, using a password manager is preferable.
• Think about passkeys or more secure forms of authentication.

This infringement demonstrates the persistence of the threat of credit reuse and the increasing popularity of combo lists with cybercriminals. Professionals anticipate further attacks of credential-stuffing on large email providers.

Users should be on the lookout as firms shift to passwordless authentication. The most effective immediate protection is switching passwords and using 2FA.