Google says 183M Gmail passwords leak report is false
What's the story
Google has debunked the rumors of a major data breach, which allegedly compromised over 183 million Gmail passwords. The tech giant took to X (formerly Twitter) to clarify that no new security breach had occurred on its platform. Google said that the reports were based on a "misunderstanding of infostealer databases," which collect stolen login credentials from different hacks and malware attacks across the web.
Database explanation
Google clarifies misunderstanding
Google explained that the databases in question don't indicate a new attack on Gmail users specifically. Instead, they often contain old or unrelated email-password combinations, which can create confusion when such compilations resurface. The company added that it regularly takes action when large batches of leaked credentials appear online, helping users reset passwords and secure their accounts.
Leak details
Controversy sparked by Troy Hunt's revelation
The controversy over the alleged breach was sparked by Australian cybersecurity expert Troy Hunt. He revealed that a massive 3.5-terabyte database containing around 183 million email credentials had surfaced online. Hunt said the data, allegedly comprising information from various past breaches, might include Gmail accounts among other providers. The leak drew global attention after being highlighted by The New York Times, which mentioned Hunt's advice for users to check if their details had been compromised by visiting HaveIBeenPwned.com.
Security measures
Google urges users to bolster account security
Despite denying the breach, Google is urging its users to bolster their account security. The company recommends enabling two-step verification, switching to passkeys (more secure than passwords), and resetting passwords if they appear in any leaked databases.