Massive 183 Million Email Credentials Released Online in Major Data Dump

According to Forbes, a dataset containing approximately 183 million unique email credentials, including passwords tied to Gmail accounts, has surfaced online, cybersecurity researchers confirmed.

Reportedly, the collection, spanning roughly 3.5 terabytes of data, originates from “stealer logs” and large‐scale credential‐stuffing lists assembled over many months. 

According to Troy Hunt, founder of the breach database Have I Been Pwned, about 16.4 million of the accounts stripped from prior visibility had not appeared in any earlier breach record. He discovered a 3.5-terabyte trove online, which contains around 23 billion login records (usernames and passwords), and shared that these have been collected via malware called "infostealer malware".

Researchers say the credentials were gathered via malware installed on user devices, phishing campaigns and third‐party leaks rather than a breach of Gmail’s own systems.

The leaked data includes email addresses, associated passwords and the websites where those credentials were used.

Fact-check:

While many prominent media outlets are sharing that Gmail accounts are also included, GizChina reported that:

Google issued a statement rejecting the notion of a Gmail‐specific hack, stating “Reports of a Gmail security ‘breach’ impacting millions of users are entirely inaccurate and incorrect. They stem from a misreading of ongoing updates to credential theft databases, known as infostealer activity…”

Security firm Synthient, which helped aggregate the data, reported that most entries traced back to prior leaks, but a meaningful subset was fresh and active.

The incident highlights the growing threat posed by credential‐harvesting malware and credential stuffing attacks, where breach data is reused across services.