On October 27, 2025, a major data leak revealed login details for over 180 million email accounts, including many Gmail users. The breach was discovered by cybersecurity researcher Troy Hunt and involved around 3.5 terabytes of stolen data.
The leaked information came from malware known as “infostealers,” which secretly collect usernames, passwords, and other sensitive details from infected devices. Reports indicate that more than 16 million of the exposed email addresses were not previously part of any known data breaches.
Google confirmed that its own systems were not hacked. The exposure happened because of malware on users’ devices rather than a direct attack on Gmail.
Experts are advising people to secure their accounts immediately. Recommended steps include enabling two-factor authentication (2FA), using strong and unique passwords, and scanning devices for malware. Users can also check whether their email has been compromised using trusted security tools online.
This incident highlights the importance of staying vigilant online and taking proactive steps to protect personal accounts.
