Google has once again denied claims of a massive Gmail data breach, following a wave of sensational reports over the weekend that falsely suggested 183 million Gmail accounts had been compromised.
The story quickly spread across social media and news outlets, with some claiming that Google’s email platform had been hacked. However, Google clarified on Monday that no such breach occurred, explaining that the reported data came from old credential dumps compiled from previous security incidents and information-stealing malware, not a new Gmail-specific hack.
“Reports of a ‘Gmail security breach impacting millions of users’ are false. Gmail’s defenses are strong, and users remain protected,” the company said in a post on X (formerly Twitter).
According to Google, the confusion arose from a misunderstanding of how infostealer databases work. These massive collections of usernames and passwords are compiled by threat actors from past breaches and malware attacks, not from a single targeted hack.
The false claims appear to have originated from the announcement by Troy Hunt, creator of the data breach notification platform Have I Been Pwned (HIBP). Hunt recently added a massive collection of 183 million compromised credentials to HIBP’s database, shared by the threat intelligence platform Synthient.
Hunt clarified that these credentials were not stolen in one breach but gathered over time from various sources — including phishing attacks, malware infections, and credential stuffing. He also noted that 91% of the records were already present in previous databases, meaning most of the information had been circulating online for years.
“The final number once the entire data set was loaded into HIBP was 91% pre-existing, with 16.4 million previously unseen addresses in any data breach,” Hunt explained.
While Google confirmed that no Gmail data breach occurred, the company acknowledged it regularly monitors such credential dumps and proactively resets passwords for users whose credentials appear in these leaked collections.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
“Gmail takes action when we spot large batches of open credentials, helping users reset passwords and resecure accounts,” Google stated.
