No, Gmail has not suffered a massive 183 million passwords breach - but you should still look after your data

In a post on X (formerly Twitter), the company denied the claims, and declared Gmail’s ‘defenses are strong, and users remain protected’.

"The inaccurate reports are stemming from a misunderstanding of infostealer databases, which routinely compile various credential theft activity occurring across the web. It’s not reflective of a new attack aimed at any one person, tool, or platform."

91% old news

The post followed multiple news outlets reporting the huge 183 million figure impacted in the incident after Gmail users appeared on the breach notification website HaveIBeenPwned (HIBP).

However the breach was not verified, and the information appears to be a compilation of previous breaches, likely obtained through info-stealing malware, phishing, and credential stuffing attacks.

Troy Hunt, creator of HIBP, confirmed 91% of the 183 million credentials had previously been seen - which suggests this ‘breach’ contains very little new information, and is therefore unlikely to be tied to any specific incident.

That being said, Hunt did acknowledge there were also 16.4 million previously unseen credentials - those which had never been released in any data breaches - possibly leaving a significant number of users exposed.

The advice is always the same - if you think you may have been impacted (or even if you just want to be cautious) then keep a close eye on your accounts for any suspicious activity, specifically your bank statements.

It may not seem like a big deal that a cybercriminals knows your email address, name, or date of birth - but this information can be used to take out loans or credit cards in your name, so make sure you use identity theft protection software if you think you have been affected.