Online panic erupted within a few hours when dozens of newspapers repeated the news of an alleged theft of 183 million Gmail accounts, talking about “one of the worst violations in history”. However, Google firmly denied this, explaining that none of its systems were hacked. But what does all this mean? Let’s start from the beginning.
It all started with an announcement by Troy Hunt, creator of the site Have I Been Pwned, which notifies users if their passwords have ended up on the internet. Hunt added to the site's database a huge archive shared by threat intelligence firm Synthient, made up of billions of credentials collected over time through malware, phishing and breaches on thousands of different sites. Hence the misunderstanding: the data does not come from Gmail, but from an accumulation of previous leaks, often years old.
91% of the data was already known
According to Hunt himself, 91% of the 183 million credentials had already been present on Have I Been Pwned for a long time. Only about 16 million addresses are “new,” and they are not linked to a recent or targeted attack against Google. It is therefore a historical collection, not a “fresh theft”.
Google reiterated that its defense systems remain solid and that users are protected by automatic checks on compromised passwords. The company regularly uses databases like this to force the reset of exposed passwords, transforming a potential risk into a prevention tool.
Reports of a “Gmail security breach impacting millions of users” are false. Gmail’s defenses are strong, and users remain protected.
— News from Google (@NewsFromGoogle) October 27, 2025
The source of the data
The dataset, called Synthient Stealer Log Threat Data, was aggregated by Synthient LLC, a company specializing in cybersecurity. The project, which lasted almost a year, monitored closed forums, Telegram channels and dark web markets, collecting and cleaning billions of records.
After eliminating duplicates and false positives, Synthient delivered to Have I Been Pwned 183 million email-password combinations, of which approximately 16 million had never been seen before. The aim: to allow users to check whether their accounts have fallen into the wrong hands.
A 3.5 terabyte archive
The collection in question weighs approximately 3.5 terabytes and contains data from users of services such as Gmail, Outlook, Yahoo Mail, iCloud and Facebook. This is not a direct intrusion into company systems, but rather credentials stolen from infected devices: malicious software that records the keystrokes typed or reads the passwords saved in browsers.
This type of collection is particularly insidious, because it often involves users unaware that they have malware active on their computer or smartphone. Some files even contain session cookies and digital wallet keys, making the immediate change of compromised credentials urgent.
How to check if you are affected and how to protect yourself
Those who fear being in the database can go to Have I Been Pwned and enter their email in the search bar. If the site shows a red message, it means that the email is present in at least one breach. If the address is compromised, it is recommended to change your password immediately, activate two-factor authentication (preferably via apps or hardware keys) to add an additional layer of security, and run a full virus scan on your devices.
