183 Million Gmail Passwords Stolen in Major Data Breach
Gmail users worldwide are being urged to immediately check their account security after cybersecurity experts revealed a massive data breach affecting over 183 million passwords. The stolen data, totaling 3.5 terabytes, includes email addresses from all major providers including Outlook, Yahoo, and others.
Key Takeaways
- 183 million email passwords stolen in malware-based breach
- Affects Gmail, Outlook, Yahoo and other major providers
- Check exposure via the Have I Been Pwned website
- Change passwords immediately if affected
- Enable two-factor authentication for protection
What Happened in the Breach?
Australian cybersecurity expert Troy Hunt disclosed the incident on his Have I Been Pwned (HIBP) website, describing it as a “vast corpus” of breached data. The breach occurred in April but was only recently made public.
According to Hunt, this isn’t a single company breach but rather a collection of “stealer logs” – data files compiled by malware that infected users’ computers. “Stealer logs are more of a firehose of data that’s just constantly spewing personal info all over the place,” Hunt explained.
How to Check if You’re Affected
- Visit the Have I Been Pwned website
- Enter your email address in the search bar
- Click ‘Check’ to see breach history
- Change passwords for any compromised accounts
Even if not included in this specific breach, your details might have been exposed in past incidents dating back over a decade.
Immediate Security Steps Required
If your email appears in the breach results, change your password immediately and enable two-factor authentication (2FA). The risk extends beyond email accounts to any service using the same credentials.
Graham Cluley, a computer security expert, emphasized: “Always use different passwords for different online accounts. You won’t be able to remember them by yourself, so use a password manager.”
Beyond Email: Wider Password Risks
The stolen data includes passwords used on various websites like Amazon, eBay, and Netflix. Hunt warned: “Stealer logs expose the credentials you enter into websites you visit then login to.”
Benjamin Brundage of cybersecurity firm Synthient, who discovered the breached data, cautioned against over-reliance on strong passwords alone. A strong password should be at least 16 characters with mixed case, numbers, and symbols.
About Have I Been Pwned
Microsoft regional director Troy Hunt operates the Have I Been Pwned service, which helps users check if their credentials were exposed in data breaches. The site includes a Pwned Passwords feature to verify password security without storing identifiable data.
Hunt’s essential security recommendations include using password managers, enabling two-factor authentication, and monitoring for new breaches.
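How a Pwned Passwords style check can test a password without the password ever leaving the machine, as an added example that is not code from the original article or from the HIBP project. It assumes the service's public k-anonymity range lookup, where only the first 5 hex characters of the SHA-1 hash are sent; `fake_fetch_range` and its response data are constructed stand-ins so the code runs offline.

```python
import hashlib

SEEN_PREFIXES = []  # records everything the lookup side ever receives


def split_hash(password):
    """SHA-1 the password; return (5-char prefix to send, 35-char suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Parse the 'SUFFIX:COUNT' lines returned for one prefix."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue  # ignore blank or malformed lines
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, fetch_range):
    """Return how many times the password appears; the match is done locally."""
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def fake_fetch_range(prefix):
    """Constructed stand-in for GET https://api.pwnedpasswords.com/range/<prefix>."""
    SEEN_PREFIXES.append(prefix)
    known = {"Password1!": 4200}                 # constructed count
    lines = ["0" * 35 + ":3", "A" * 35 + ":17"]  # constructed decoy suffixes
    for pw, n in known.items():
        p, s = split_hash(pw)
        if p == prefix:
            lines.append("%s:%d" % (s, n))
    return "\r\n".join(lines)


if __name__ == "__main__":
    for candidate in ("Password1!", "a-long-unique-passphrase-7731"):
        print(candidate, "->", breach_count(candidate, fake_fetch_range))
    print("sent to service:", SEEN_PREFIXES)
```

To query the live service, replace `fake_fetch_range` with a function that performs the HTTPS GET and returns the response body as text.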





