Gmail data leaked in 183 million account breach
Data involving 183 million compromised email addresses and passwords has been added to the breach-monitoring site Have I Been Pwned (HIBP), representing one of the largest data leaks to date.
The data came from multiple malware-based “infostealer” sources: tools that harvest credentials by monitoring users’ devices.
The extent of the breach represents a huge risk to millions of users.
Investigations are ongoing, and analysts are trying to review the security of accounts, reset passwords, and activate two-step verification for users.
To recover accounts, cybersecurity experts recommend that users immediately change their passwords and avoid reusing them across multiple sites.
Google’s Security Check-up tool can identify devices or connected applications that should be removed immediately.
Two-step verification should be enabled, using a hardware key or passkey rather than an SMS code, to prevent unauthorised access even if credentials are leaked.
According to Forbes.com, a spokesperson from Google provided the following statement:
“This report covers broad infostealer activity that targets many types of web activities. When it comes to email, users can help protect themselves by turning on 2-step verification and adopting passkeys as a simpler and stronger alternative to passwords.”
The exposure of 183 million credentials highlights how infostealer malware has become a leading source of data theft globally.
Gmail users are not the only ones at risk: accounts from a range of providers can be found amongst the leaked dataset.
Investigations are ongoing and the full extent of the leak is not yet understood.
Users of all devices are advised to run scans with reputable anti-virus software to remove any potential infostealer malware.