No, Gmail has not suffered a massive 183 million passwords breach - but you should still look after your data

News
By published

Don’t panic, but do be careful

Gmail app on a phone with a thumb hovering above
(Image credit: Getty Images)
  • Gmail says it has not suffered a massive data breach, despite claims
  • Reported 183 million passwords figure is primarily compiled from previously compromised credentials
  • Users may still have been breached and be at risk though - so stay on your guard

Google has issued a statement following multiple claims Gmail had suffered a security breach impacting millions of users.

In a post on X (formerly Twitter), the company denied the claims, and declared Gmail’s ‘defenses are strong, and users remain protected’.

"The inaccurate reports are stemming from a misunderstanding of infostealer databases, which routinely compile various credential theft activity occurring across the web. It’s not reflective of a new attack aimed at any one person, tool, or platform."

Official IdentityForce® | Identity Theft Protection - save up to 68% annually

Official IdentityForce® | Identity Theft Protection - save up to 68% annually

Many people don’t know how to protect their ID. Get your ID Action Plan here. Get a personalized step-by-step Action Plan & ID Safety Score based on YOUR dark web hits.

View Deal

91% old news

The post followed multiple news outlets reporting the huge 183 million figure impacted in the incident after Gmail users appeared on the breach notification website HaveIBeenPwned (HIBP).

However the breach was not verified, and the information appears to be a compilation of previous breaches, likely obtained through info-stealing malware, phishing, and credential stuffing attacks.

Troy Hunt, creator of HIBP, confirmed 91% of the 183 million credentials had previously been seen - which suggests this ‘breach’ contains very little new information, and is therefore unlikely to be tied to any specific incident.

That being said, Hunt did acknowledge there were also 16.4 million previously unseen credentials - those which had never been released in any data breaches - possibly leaving a significant number of users exposed.

The advice is always the same - if you think you may have been impacted (or even if you just want to be cautious) then keep a close eye on your accounts for any suspicious activity, specifically your bank statements.

It may not seem like a big deal that a cybercriminals knows your email address, name, or date of birth - but this information can be used to take out loans or credit cards in your name, so make sure you use identity theft protection software if you think you have been affected.

Best identity theft protection header
The best ID theft protection for all budgets

➡️ Read our full guide to the best identity theft protection
1. Best overall:
Aura
2. Best for families:
IdentityForce
3. Best for credit beginners:
Experian IdentityWorks

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.