Millions of Gmail Passwords Exposed in Recent Data Leak
- tech360.tv
More than 183 million login credentials, including confirmed Gmail passwords, have emerged from a recent data breach. Troy Hunt, owner of Have I Been Pwned, added website URLs, email addresses, and passwords to the widely used database.

The data consisted of "stealer logs and credential stuffing lists," Hunt said. This breach follows an earlier report this year about a data leak involving more than 184 million passwords and logins affecting various online services.

Have I Been Pwned serves as a free, essential resource for individuals concerned about their account login security. It helps users discover when their email addresses, accounts, or passwords appear in data leaks and dark web breach lists.
Benjamin Brundage from Synthient revealed that the data came from monitoring infostealer platforms for nearly a year. Synthient provided Have I Been Pwned with 3.5 terabytes of data, comprising 23 billion rows.
Hunt explained that the output of the stealer logs primarily consisted of website addresses, email addresses, and passwords. He noted that "someone logging into Gmail," for example, would have their email address and password captured against gmail.com.
An analysis of a 94,000-credential sample revealed 92% were not new. Most previously observed data came from ALIEN TXTBASE stealer logs, Hunt confirmed.
However, 8% of the data was new, representing more than 14 million credentials. The final tally was 16.4 million addresses previously unseen in any data breach.
Have I Been Pwned verifies credentials by sending details to impacted subscribers. One respondent, already concerned about his Gmail account, validated an entry as "an accurate password on my Gmail account."
All users are advised to check their account credentials at Have I Been Pwned. A Google spokesman stated that this report covers "broad infostealer activity that targets many types of web activities."
Google advises users to enable two-step verification and adopt passkeys as a simpler, stronger alternative to passwords. Gmail users who suspect their account has been compromised should immediately sign in and review account activity.
If unable to sign in, users can access the Google account recovery page and answer the presented questions to the best of their ability. Google also stated, "Additionally, to help users, we have a process for resetting passwords when we come across large credential dumps such as this."
Users can check if their Gmail password is exposed, weak, or reused via the Chrome password manager. This feature is accessible in Chrome by selecting Passwords and autofill from the top-right menu, then Google Password Manager | Checkup.
This process reveals compromised or weak passwords, similar to other password manager applications and the Have I Been Pwned database check. Google will prompt users to change unsafe Google Account passwords, even without using Password Checkup.
The company also informs users about passwords reused across multiple accounts and services. "We recommend that you change any compromised passwords as soon as you can," Google advised. Reusing passwords across services significantly increases security risks.
- More than 183 million login credentials, including Gmail passwords, exposed in a recent data breach.
- Data, originating from infostealer platforms, totalled 3.5 terabytes and included website URLs, email addresses, and passwords.
- Have I Been Pwned confirmed 16.4 million previously unseen email addresses in the leak.
Source: FORBES