Last Updated:
Google denied reports of a Gmail security breach affecting 183 million users, clarifying no new attack occurred. Troy Hunt linked leaked data to infostealer malware.
Google dismissed reports of a massive Gmail data leak, calling them false and blaming a misunderstanding of old stolen data compilations. (IMAGE: REUTERS)
Millions of Gmail users who panicked after reports claimed that over 183 million Gmail passwords had been leaked online in a massive data breach breathed a sigh of relief after Google denied the claims.
In a post on social media, Google clarified that there had been no new Gmail security breach.
“Reports of a ‘Gmail security breach impacting millions of users’ are false. Gmail’s defenses are strong, and users remain protected,” the company said in its statement.
“The inaccurate reports stem from a misunderstanding of infostealer databases, which routinely compile various credential theft activity occurring across the web. It’s not reflective of a new attack targeting any one person, tool, or platform,” it added.
Gmail takes action when we spot large batches of open credentials, helping users reset passwords and resecure accounts.— News from Google (@NewsFromGoogle) October 27, 2025
Google also advised users to protect themselves from credential theft by enabling two-step verification, adopting passkeys as a safer alternative to passwords, and resetting passwords when they appear in large credential batches.
Reports of a “Gmail security breach impacting millions of users” are false. Gmail’s defenses are strong, and users remain protected. 🧵👇— News from Google (@NewsFromGoogle) October 27, 2025
The false alarm began after several major media outlets reported an alleged “Gmail breach,” claiming that millions of users’ credentials had been exposed — leading many to fear their accounts had been hacked.
The alleged trove, said to contain 3.5 terabytes of data, reportedly surfaced online earlier this month, according to Troy Hunt, the Australian security researcher who runs the breach-notification site Have I Been Pwned.
Hunt had stated that the information appeared to originate from a yearlong sweep of “infostealer” platforms — malware networks that secretly siphoned usernames, passwords, and website addresses from infected devices.
The data was described as a mix of “stealer logs and credential stuffing lists,” Hunt had written in a blog post.
Shankhyaneel Sarkar is a Chief Sub-Editor at News18. He covers international affairs, where he focuses on breaking news to in-depth analyses. He has over seven years of experience during which he has covered se…Read More
Shankhyaneel Sarkar is a Chief Sub-Editor at News18. He covers international affairs, where he focuses on breaking news to in-depth analyses. He has over seven years of experience during which he has covered se… Read More
October 28, 2025, 16:08 IST
Read More
