Google has recently reaffirmed that there has been no large-scale data breach concerning users’ information. A few months ago, Google addressed security issues related to its Gmail service. This week, following reports that 183 million passwords might have been compromised in the latest data leak, Google has once again clarified this information.
According to an announcement from Google on the X platform, the affected accounts are not victims of a new attack but have recently been added to the database of the data breach search engine Have I Been Pwned. Have I Been Pwned is a free tool that quickly informs users whether their personal information has ever been compromised by hackers. The website’s founder, Troy Hunt, mentioned in his blog that over 90% of the millions of stolen credentials have already appeared online, indicating they are not new data. However, Hunt also noted that among these, 164,000 email addresses are appearing for the first time in a data breach incident.
Security experts have pointed out that this leaked data originates from infostealer malware, which stealthily gathers login information from infected devices and then sells it on the dark market. The leaked information primarily includes website URLs, email addresses, and passwords. According to reports, the data breach occurred in April 2025, but it wasn’t until October that Troy Hunt integrated this information into Have I Been Pwned, suggesting that these stolen credentials circulated within criminal networks for some time before being made public.
Google stated in a statement that the reports concerning A security flaw in Gmail affects millions of users. are inaccurate, emphasizing that Gmail’s defense system is incredibly robust and user security remains guaranteed. These misleading reports stem from a misunderstanding of the infostealer database, which regularly aggregates various credential theft activities online and does not initiate new attacks targeting any individuals or platforms.
Google also mentioned that the company will indeed issue breach alerts to users from public credential databases like the one recently uploaded to Have I Been Pwned. Users are advised to enable two-factor authentication and to adopt passkeys as a more secure option compared to using passwords alone. An important reminder from Google is that if you suspect your password has been compromised, you should reset it immediately.
Users can visit HaveIBeenPwned.com to check if their personal information has been compromised. The website offers a detailed timeline and overview of any known breaches associated with the user’s email address. If users find that their credentials have been flagged, they should immediately change their password and enable two-factor authentication.
