Joe Maring / Android Authority
TL;DR Threat intelligence firm Synthient recently aggregated a set of 183 million compromised accounts that were inaccurately attributed to a Gmail breach.
Google denied the reports of a Gmail security event, claiming that people misunderstood the compilation of breached login credentials.
The company recommends users enable two-factor authentication and use passkeys to keep their accounts secure.
Infostealer databases help consumers get a grasp on whether their personal data and account information has been leaked in a data breach. However, they can occasionally steer users in the wrong direction. Multiple news outlets reported this week that a massive Gmail leak exposed over 183 million passwords, but Google is now publicly refuting those claims.
“Reports of a ‘Gmail security breach impacting millions of users’ are false,” Google explained in a thread on X (via Engadget). “Gmail’s defenses are strong, and users remain protected.”
The confusion stemmed from a report published by Troy Hunt, the creator of infostealer database Have I Been Pwned, that chronicled the addition of 183 million compromised accounts to the platform. As it turns out, this collection of compromised accounts came from multiple sources, rather than a single app or service. Many of the breached accounts have been previously spotted, with Hunt reporting only 9% of the 183 million accounts are new.
Don’t want to miss the best from Android Authority? Set us as a favorite source in Google Discover to never miss our latest exclusive reports, expert analysis, and much more.
to never miss our latest exclusive reports, expert analysis, and much more. You can also set us as a preferred source in Google Search by clicking the button below.
With a data set as large as this one, the 9% of newly-breached accounts ends up representing 16.4 million login credentials. That figure is much smaller than the 183 million that was initially reported, and isn’t specifically linked to Gmail. Instead, the compromised accounts come from Synthient, a threat intelligence platform that aggregated these breached accounts from multiple sources all over the web.
... continue reading