Google has issued an urgent warning to millions of Gmail users after a staggering 183 million passwords were exposed in one of the largest data breaches in recent years. The tech giant is urging users to immediately secure their accounts as cybercriminals exploit stolen login details obtained through infostealer malware.
The breach came to light after cybersecurity expert Troy Hunt, founder of the Have I Been Pwned (HIBP) database, uploaded a massive 3.5-terabyte dataset containing 23 billion rows of stolen data on October 21. The data, known as the “Synthient Stealer Log Threat Data,” includes credentials collected from malware-infected devices, targeting Gmail users alongside those on platforms like Apple, Facebook, and Instagram.
“This isn’t just another breach; it’s a relentless stream of stolen lives in the cyber shadows,” Hunt warned.
Hunt’s analysis of a sample from the leak revealed that about 92% of the credentials were recycled from previous hacks, but 8% — over 16 million accounts — appear to be newly compromised, making the situation even more alarming.
Cybersecurity firm Synthient, which monitored the malware operation for nearly a year, said the stolen data came from users’ infected devices, on which the malware recorded everything from email addresses and passwords to website URLs during logins.
A Google spokesperson confirmed the scale of the threat in a statement to Forbes, explaining that the breach did not stem from a weakness in Google’s systems but from malware infections on users’ devices.
“This report covers broad infostealer activity targeting various web services. We strongly encourage users to take immediate security measures,” Google said.
The company is urging all Gmail users to:
- Turn on 2-Step Verification (2FA) immediately.
- Run an Account Safety Checkup at myaccount.google.com/security.
- Use a password manager to generate and store unique passwords.
Google also reminded users that it alerts anyone whose credentials appear in known data breaches, but waiting for an alert could be too late.
To find out if your account has been affected, visit haveibeenpwned.com, a trusted platform that allows users to check if their email or password has been compromised. Simply enter your Gmail address to verify.
The breach follows a series of global leaks this year, including the May database exposure of 184 million credentials and the June mega-leak of 16 billion passwords. Analysts say the rise of cheap infostealer malware on the dark web — such as RedLine and Vidar — continues to fuel this crisis.
Users are urged to stay vigilant, update passwords regularly, and avoid reusing the same password across multiple sites. As experts warn, in today’s digital world, one weak password can bring your entire online life crashing down.
