Outlook Business Desk
A new data breach has exposed 183 million passwords and login credentials, now listed on the website called 'Have I Been Pwned'. The leak includes user data from Gmail and other major platforms.
The data leak follows a massive leak involving over 184 million credentials, which was made public in May this year. Both incidents revealed large-scale exposure of sensitive user data, as per a Forbes' report. Cybersecurity experts call the timing of these back-to-back leaks alarming.
Troy Hunt, who runs 'Have I Been Pwned', a website that tracks and lists data breaches, confirmed receiving the latest data from Synthient, a cybersecurity company. The firm collected the information by tracking information stealer platforms for nearly a year before submitting the 3.5-terabyte dataset for security verification.
The Synthient dataset contained around 23 billion data rows, mainly showing website URLs, email IDs, and passwords stolen from infected devices. These records came from logs that captured users online activities over several months of monitoring.
A detailed check revealed nearly 92% of the exposed credentials had been seen in earlier leaks. However, around 16.4 million new email addresses were completely fresh entries that had not appeared in any previous data breach records.
Some Gmail users confirmed that the credentials appearing on the leaked dataset have matched their actual passwords. This verification by affected users confirmed the authenticity and accuracy of the leaked Gmail data added to the database.
Meanwhile, Google said the breach stemmed from widespread infostealer activity targeting various online services. The company urged users to protect their accounts by enabling two-step verification and adopting passkeys, which offer a stronger alternative to traditional passwords.
Google also advised Gmail users to check for any unusual activity and immediately reset compromised passwords. Those unable to access their accounts should use the recovery page, following all verification steps to restore and secure access safely.
Google also said that users can check for weak or reused passwords using Chrome’s Password Manager. The tool identifies compromised credentials, flags risky reuse, and prompts password changes.