Google says your Gmail wasn’t hacked — but maybe check anyway, as the internet’s not buying it after 183M accounts were allegedly breached

News
By published

It’s not a Gmail breach, it’s just a remix of every other one — according to Google, which denies reports, but 16 million fresh credentials still surfaced.

A woman looks at a laptop screen displaying the logo of Google.
(Image credit: Getty Images | Anadolu)

Reportedly, 183 million email accounts and their associated passwords have been exposed in a massive breach. However, it seems the situation has been misunderstood. The confusion began when Have I Been Pwned creator Troy Hunt announced in a blog post that he had added a huge new dataset containing 183 million unique email addresses and passwords, some of which were linked to Gmail.

The dataset didn’t come from a single Gmail hack. Instead, it was compiled from “stealer logs,” which are malware logs that harvest credentials from infected PCs, along with data scraped from the dark web, social media, Tor, and Telegram channels. In other words, Gmail wasn’t breached — but that didn’t stop news outlets from running with the story that it had been.

The 183 million Gmail password leak: what really happened

Gmail on Windows Phone

The dataset was provided to Have I Been Pwned by Ben from Synthient, a U.S. college student who focuses on threat-intelligence aggregation. He collects threat data from malware-infected devices, online forums, and dark-web channels, processing millions of new credentials every day.

The total volume of data amounted to 3.5 terabytes, spanning roughly 23 billion rows. It included two main types of information:

  • Stealer logs, which are credentials captured directly from malware running on infected computers.
  • Credential-stuffing lists, which are username and password combinations gathered from previous breaches and reused elsewhere.

To verify the data, Troy Hunt ran scripts to determine how much of the dataset was new compared to existing entries in Have I Been Pwned. Out of 94,000 sampled addresses, 92 percent had been seen before in earlier leaks, meaning most of it was recycled. However, there were still around 16 million new addresses that had not previously appeared in any breach.

The false reporting likely came from people seeing Gmail addresses paired with passwords and assuming that Gmail itself had been breached. Once those claims began spreading across social media and news outlets, it caused unnecessary panic among users who believed they might be affected.

How to check if your Gmail and Email accounts are safe

If you’re like me and still slightly concerned about whether your data is floating somewhere in the endless corners of the web, you can visit Have I Been Pwned and enter your Gmail or any other email address. The site will tell you whether your details have appeared in a breach and, if so, which one.

If you do appear in a breach, change your password immediately. Choose something new, unique, and strong, avoiding anything you’ve used before. While it can be a hassle, using different passwords for each account is one of the most effective ways to stay protected.

It’s also worth enabling two-factor authentication on your Gmail and any other service that supports it. This extra step means that even if someone has your password, they won’t be able to access your account without your verification code or device approval.

Finally, consider using a password manager to help you keep track of everything. Google’s own password manager. Microsoft Edge has a password manager too or tools like 1Password and Bitwarden can generate secure passwords automatically and warn you if any of them appear in a future breach. It’s an easy way to stay one step ahead without memorising dozens of logins.

FAQ

Was Gmail actually hacked in 2025?

No, Gmail was not hacked. The panic started after Have I Been Pwned added a dataset containing 183 million email addresses and passwords, many linked to Gmail. However, these came from "stealer logs" and recycled leaks, not a direct breach of Google. s

So why is everyone freaking out?

Because the leaked data included Gmail logins, and the number — 183 million — is massive. Even though most of it’s recycled, about 16.4 million credentials were new.

Should I change my Gmail password?

Yes, especially if you’ve reused your Gmail password on other websites. Even though Gmail wasn’t breached.

What is Have I Been Pwned?

Have I Been Pwned (HIBP) is a free tool that lets you check whether your email address or passwords have appeared in a known data breach. It’s run by cybersecurity expert Troy Hunt.

Why did Google respond so strongly?

Because this is the second time in two months they’ve had to deny a massive Gmail breach. The headlines keep coming, even when the facts don’t.

What should I do now?

Check your email on HaveIBeenPwned, enable 2FA, and stop reusing passwords. Google says its systems are secure, but credential leaks are still a threat.

Click to follow Windows Central on Google News

Follow Windows Central on Google News to keep our latest news, insights, and features at the top of your feeds!

TOPICS
Adam Hales
Adam Hales
Contributor

Adam is a Psychology Master’s graduate passionate about gaming, community building, and digital engagement. A lifelong Xbox fan since 2001, he started with Halo: Combat Evolved and remains an avid achievement hunter. Over the years, he has engaged with several Discord communities, helping them get established and grow. Gaming has always been more than a hobby for Adam—it’s where he’s met many friends, taken on new challenges, and connected with communities that share his passion.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.