Everything we know about the Gmail password hack as millions of accounts breached
Around 183 million Gmail accounts have been compromised following a major data breach that revealed users’ passwords earlier this year.
The breach was revealed after the website URLs, email addresses, and passwords were added to the Have I Been Pwned (HIBP) database, which allows users to enter their stolen credentials to see if their information has been leaked.
According to Troy Hunt, who owns the website, the stolen data included ‘stealer logs and credential stuffing lists’, which are essentially huge databases of stolen logins that cybercriminals use to make unauthorised access attempts.
In this instance, it’s the sheer volume of the stolen data that is most shocking, with the 3.5 terabyte database containing around 23 billion records, as per Forbes Business.
The majority of the information was obtained from the Synthient threat-intelligence project, a year-long effort tracking the activities of infostealers, with data aggregated from forums, social media, Telegram, and the dark web.
According to Hunt, 92 per cent of the data shared with HIBP came from previous breaches, while 8 per cent, amounting to roughly 16.4 million unique email addresses and passwords, was new.
Within the data, which was taken from a wide range of sites and organisations, Gmail accounts made up one of the largest subgroups of directly compromised accounts.
One of the biggest concerns is that these logins are often used to access a variety of platforms across Google, and the same credentials are often used for online banking, cloud storage, and more.
If you’re concerned that your data could be among the millions of accounts compromised, you can enter your email address on the HIBP website, which will tell you if it has appeared in any of the leaks.
If it has, you should change your password immediately and make sure the same password isn’t being used on any other accounts.
A Google spokesperson told Forbes in a statement: “This report covers broad infostealer activity that targets many types of web activities.
“When it comes to email, users can help protect themselves by turning on 2-step verification and adopting passkeys as a simpler and stronger alternative to passwords.”
Google further advised users who believe their account details may have been compromised to sign in and check their account activity immediately, and if they are unable to log in, to head to their account recovery page and answer the questions as best as they can.
Meanwhile, over on Google’s Help Centre, you can also check whether any of your passwords have been compromised by visiting Password Checkup or the Google Password Manager, if you use Chrome.
“We’ll ask you to change your Google Account password if it might be unsafe, even if you don’t use Password Checkup,” they said.
They further added: “Additionally, to help users, we have a process for resetting passwords when we come across large credential dumps such as this.”