Joe Maring / Android Authority
TL;DR
- Threat intelligence firm Synthient recently aggregated a set of 183 million compromised accounts that were inaccurately attributed to a Gmail breach.
- Google denied the reports of a Gmail security event, claiming that people misunderstood the compilation of breached login credentials.
- The company recommends users enable two-factor authentication and use passkeys to keep their accounts secure.
Infostealer databases help consumers get a grasp on whether their personal data and account information has been leaked in a data breach. However, they can occasionally steer users in the wrong direction. Multiple news outlets reported this week that a massive Gmail leak exposed over 183 million passwords, but Google is now publicly refuting those claims.
“Reports of a ‘Gmail security breach impacting millions of users’ are false,” Google explained in a thread on X (via Engadget). “Gmail’s defenses are strong, and users remain protected.”
The confusion stemmed from a report published by Troy Hunt, the creator of infostealer database Have I Been Pwned, that chronicled the addition of 183 million compromised accounts to the platform. As it turns out, this collection of compromised accounts came from multiple sources, rather than a single app or service. Many of the breached accounts have been previously spotted, with Hunt reporting only 9% of the 183 million accounts are new.
Don’t want to miss the best from Android Authority?
With a data set as large as this one, the 9% of newly-breached accounts ends up representing 16.4 million login credentials. That figure is much smaller than the 183 million that was initially reported, and isn’t specifically linked to Gmail. Instead, the compromised accounts come from Synthient, a threat intelligence platform that aggregated these breached accounts from multiple sources all over the web.
“The inaccurate reports are stemming from a misunderstanding of infostealer databases, which routinely compile various credential theft activity occurring across the web,” Google added in the thread. “It’s not reflective of a new attack aimed at any one person, tool, or platform.”
To assure users, Google also mentioned steps that people can take to protect their Gmail accounts. The company recommends users turn on two-factor authentication or switch to passkeys in order to thwart credential theft. Additionally, it says that users should reset passwords when they are leaked in large batches of breached credentials.
“Gmail takes action when we spot large batches of open credentials, helping users reset passwords and resecure accounts,” Google said.
Thank you for being part of our community. Read our Comment Policy before posting.
