  • 28 October 2025
  • 19:11

Khaberni - Recent security reports have uncovered a massive breach that resulted in the theft of more than 183 million passwords and email addresses, prompting security experts to urge all Gmail users to immediately check their accounts.

In a troubling development for the cybersecurity world, research has revealed a massive leak of more than 183 million passwords and credentials, according to the "Daily Mail", collected through a series of information-stealing malware campaigns. The incident, which occurred in April 2025 and was only recently announced, is one of the largest data breaches on record, with a total of 3.5 terabytes of stolen data according to Australian cybersecurity expert Troy Hunt.

The breach affected all major email providers, including Outlook and Yahoo. Google confirmed that its servers were not directly breached and explained that the leak resulted from spyware and Trojan horses on users' personal devices.

The breached data includes email addresses, website links, and passwords captured during login sessions to multiple services, putting passwords used on platforms such as Amazon, eBay, and Netflix at risk.

Digital Breach Details

The breach data, which includes more than 23 billion digital records totaling 3.5 terabytes, was added to the Have I Been Pwned (HIBP) database on October 21. It is the result of a full year of monitoring malware activity by cybersecurity firm Synthient. Troy Hunt, the founder of HIBP, says he verified a number of the passwords by contacting their owners, who confirmed that they are still in use.

How does the breach mechanism work?

The leaked data comes from "stealer logs", which are files created by malware installed on users' devices. This malware records everything users enter through their keyboards, including email addresses, passwords, and the websites they visit. The same data is repeated across multiple platforms and circulated on Telegram channels and dark web forums.

What is the real extent of the risk from the breach of used passwords?

Troy Hunt, the Australian cybersecurity expert, pointed out that the breach affected passwords used on major sites such as Amazon, eBay, and Netflix. Researchers observed an 800% increase in stolen login data during the first half of 2025, and on some days 600 million stolen credentials were detected in just 24 hours. Hunt confirmed that he verified many of the leaked passwords and found some to still be active.

To check if your email is among the leaked data:

The first step: Check via the HIBP platform

The first step is to visit the Have I Been Pwned (HIBP) website, a global platform specializing in detecting data breaches. The user enters their email address in the main search bar and then presses the "check" button. The results appear within seconds and indicate whether the email is found in the leaked databases. Even if the result is negative, experts recommend proceeding to the next step.

The second step: Review account activity

From inside the Gmail account, the user should go to the "Security Activity Details" page located in the account settings. This page shows all devices and connection points used to access the account recently. Review the list carefully and look for any unfamiliar devices or suspicious login times. If any unknown activity is discovered, log out of all sessions immediately.

Experts' recommendations for protecting Gmail accounts against password breaches

Security experts emphasize the need for a security strategy that goes beyond strong passwords alone. Benjamin Brundage from the Synthient platform clarified that users should not assume they are secure merely because they use strong passwords. The experts' recommendations include:

Complex passwords: Use long, complex passwords of at least 16 characters that mix upper and lower case letters, numbers, and symbols.

Multi-factor authentication: Enable multi-factor authentication (MFA) whenever it is available.

Google Alternatives: In response to the controversy, Google has urged its users to enable two-step verification and use passkeys as secure alternatives to traditional passwords susceptible to hacking.
