TLDR
- A 3.5 terabyte data leak exposed 183 million email passwords through infostealer malware
- 16.4 million Gmail accounts were newly compromised in the breach
- Google confirms its servers were not hacked; malware infected user devices
- Stolen credentials came from phishing emails, fake downloads, and browser extensions
- Users should check HaveIBeenPwned.com and enable two-factor authentication immediately
A massive data breach has exposed 183 million email passwords, including millions of Gmail accounts. The leak represents one of the largest credential dumps discovered in 2025.
183M email passwords leaked — 16M new Google Gmail accounts exposed
https://t.co/xpiQEpgW16
— CoinCentral (@realcoincentral) October 28, 2025
Troy Hunt, founder of Have I Been Pwned, announced the discovery this month. The 3.5 terabyte dataset contains information from 23 billion records collected over a year.
Security firm Synthient tracked the stolen data across dark web marketplaces and Telegram channels. The firm found that 16.4 million email addresses were exposed for the first time.
The remaining 91% of leaked passwords had appeared in previous breaches. However, many of these older credentials still matched users’ active passwords.
How Attackers Stole Credentials
The breach did not involve a direct hack of Gmail’s servers. Instead, infostealer malware on infected devices captured login information as users browsed the internet.
These malicious programs spread through phishing emails and fake software downloads. Browser extensions also serve as common infection points.
Benjamin Brundage of Synthient said stolen credentials jumped more than 800% in the first half of 2025. The firm recorded up to 600 million stolen passwords in a single day.
Users often don’t realize their devices are infected. The malware operates silently while harvesting credentials from multiple websites and services.
Risks Beyond Email Accounts
The breach affects more than just email access. Many users reuse passwords across banking sites, social media platforms, and cloud storage services.
Attackers use credential stuffing to test stolen username-password combinations on multiple platforms. This automated process can give criminals access to victims’ entire digital lives.
Stolen credentials circulate on criminal forums for years. This gives hackers ongoing opportunities to exploit reused passwords.
Google issued a statement clarifying that Gmail’s infrastructure was not compromised. The company said reports of a Gmail breach are inaccurate and stem from misreading credential theft database updates.
What Users Should Do Now
Users can check if their email was compromised by visiting HaveIBeenPwned.com. The site allows people to enter their email address and see if it appears in the breach.
Google recommends enabling two-step verification or switching to passkeys. The company also suggests changing passwords immediately if affected.
Security experts advise against storing passwords in web browsers. Malware can easily scrape credentials from browser storage.
Encrypted password managers provide better protection. Google’s Password Manager Checkup tool also scans Chrome logins and warns about weak or reused passwords.
Users should use different passwords for different online accounts. This prevents a single breach from compromising multiple services.
Recent Developments
The leak first surfaced in April but became public last week. Alphabet shares rose 3.60% on Monday, closing at $269.27 ahead of the company’s Q3 earnings report scheduled for October 29.
The breach highlights the growing threat of infostealer malware. Synthient’s data shows credential theft has reached unprecedented levels in 2025.
Users should remove unused browser extensions and avoid clicking suspicious links. Regular password updates and two-factor authentication remain the best defenses against credential theft.
The post Gmail Users Hit by Massive Malware Attack: 183 Million Passwords Leaked appeared first on Blockonomi.
This articles is written by : Nermeen Nabil Khear Abdelmalak
All rights reserved to : USAGOLDMIES . www.usagoldmines.com
You can Enjoy surfing our website categories and read more content in many fields you may like .
Why USAGoldMines ?
USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.