- Google denies reports of a massive Gmail data breach affecting millions of users
- Claims of 183 million stolen passwords stem from aggregated past breaches, not Gmail alone
- Australian expert Troy Hunt linked data to multiple services, including Gmail and Outlook
Google has firmly denied the viral claims of a huge data breach within its Gmail service. As per reports, more than 183 million passwords were stolen. But taking to its official account on X (formerly Twitter), News from Google, the company said Tuesday, "Reports of a 'Gmail security breach impacting millions of users' are false. Gmail's defences are strong, and users remain protected."
The controversy started after Australian cybersecurity expert Troy Hunt, who runs the breach-notification site Have I Been Pwned, claimed that a massive 3.5-terabyte database containing around 183 million email credentials had surfaced online.
Also Read | Watch: US Air Force Flies Into Eye Of Hurricane Melissa, Strongest Storm Of 2025
Reports of a “Gmail security breach impacting millions of users” are false. Gmail's defenses are strong, and users remain protected. 🧵👇
— News from Google (@NewsFromGoogle) October 27, 2025
Hunt alleged that the compromised information was from various past breaches, which may include Gmail accounts among other providers, including Outlook, Yahoo and hundreds of other web services.
In his blog, Hunt wrote that the data consists of both "stealer logs and credential stuffing lists". "Someone logging into Gmail ends up with their email address and password captured against gmail.com." The expert claimed that the leak, first detected in April, was made public last week.
While speaking to the Post, a Google spokesperson earlier said, "Reports of a Gmail security 'breach' impacting millions of users are entirely inaccurate and incorrect."
"They stem from a misreading of ongoing updates to credential theft databases, known as infostealer activity, whereby attackers employ various tools to harvest credentials versus a single, specific attack aimed at any one person, tool or platform."
"We encourage users to follow best practices to protect themselves from credential theft, such as turning on 2-step verification and adopting passkeys as a stronger and safer alternative to passwords, and resetting passwords when they are exposed in large batches like this."
Also Read | Dogs Of Chernobyl Turn Bright Blue, Shows Shocking Video
Google stated that the "misleading" reports stem from a misunderstanding of infostealer databases, which compile credentials from multiple historic theft incidents across the internet. These databases aggregate stolen login details from countless websites, not just Gmail.
Google emphasised that its security systems automatically detect and mitigate threats arising from large-scale credential dumps.
What Are The Security Measures That Users Can Take
Two-Step Verification: To add an extra layer of protection beyond passwords
Passkeys: A safer alternative to passwords, allowing seamless logins via biometrics or device security
Passwords: If credentials appear in leaked databases, users should reset their passwords promptly
Security Checkups: To identify compromised accounts or suspicious logins.
Track Latest News Live on NDTV.com and get news updates from India and around the world
