A massive cybersecurity incident has compromised the passwords of over 183 million email users, prompting urgent calls for people to verify whether their accounts have been affected.
The breach was uncovered by Troy Hunt, an Australian cybersecurity specialist, who described the stolen data as an enormous collection totaling 3.5 terabytes – roughly equivalent to 875 high-definition movies.
Multiple Email Services Affected
While Gmail accounts feature prominently in the compromised data, the breach isn’t limited to Google’s email service. According to Hunt, major email providers including Outlook and Yahoo also have user accounts represented in the stolen information.
“All the major providers have email addresses in there,” Hunt explained. “They’re from everywhere you could imagine, but Gmail always features heavily.”

How to Check Your Account
The breach was first detected in April but was only recently added to Hunt’s Have I Been Pwned (HIBP) database, a website that tracks security incidents.
The compromised information includes email addresses, associated websites where they were used, and corresponding passwords.
To determine if you’ve been affected:
- Visit the Have I Been Pwned website
- Enter your email address in the search field
- Click the “Check” button to see any breaches involving your account
The search may reveal involvement in other security incidents dating back years, not just this recent event.
Immediate Action Required
Anyone whose email appears in the breach should take these steps immediately:
- Change your password – Update your email password without delay.
- Enable two-factor authentication – If not already active, set up 2FA, which requires a verification code sent to your phone for account access.
- Update passwords on other sites – Change passwords for any websites using your compromised email address, including shopping platforms and streaming services.
Understanding the Threat
This incident differs from typical data breaches. Hunt explains it involves “stealer logs” – collections of data harvested by malicious software that has infected users’ devices.
“Stealer logs are more of a firehose of data that’s just constantly spewing personal info all over the place,” Hunt wrote. “Once the bad guys have your data, it often replicates over and over again via numerous channels and platforms.”

The malware captures login credentials as users enter them on various websites, meaning the risk extends beyond just email accounts to any platform where those credentials were used.
The perpetrators behind the malware campaign remain unidentified.
Expert Recommendations
Security specialist Graham Cluley emphasized the importance of password diversity across accounts.
“Always use different passwords for different online accounts,” Cluley advised. “You won’t be able to remember them by yourself, so use a password manager to do it for you.”
He stressed that this isn’t about a single company being hacked, but about millions of individuals unknowingly having malware on their computers that steals their information.
Benjamin Brundage, a final-year college student working with cybersecurity firm Synthient, discovered the breached data and reported it to HIBP. He cautioned that even strong passwords – which should be at least 16 characters with mixed cases, numbers, and symbols – don’t guarantee protection against malware-based attacks.
Google’s Response
A Google representative addressed the situation, clarifying that this represents known malware activity targeting various internet services rather than a Gmail-specific vulnerability.
“We protect users from these attacks with layers of defenses, including resetting passwords when we come across credential theft like this,” the spokesperson stated.
Google encouraged users to activate 2-step verification and consider adopting passkeys, which the company describes as a simpler and more secure alternative to traditional passwords.




