A massive data breach has exposed the passwords of at least 183 million Gmail users, prompting urgent warnings for account holders to check their security status.
Cybersecurity researcher Troy Hunt, who discovered the breach, described the exposed information as a “vast corpus” of data totaling 3.5 terabytes—the equivalent of about 875 full-length HD movies.
According to Hunt, the leak does not affect Gmail alone but also includes data from Outlook, Yahoo, and several other email providers.
“They’re from everywhere you could imagine, but Gmail always features heavily,” Hunt told the Daily Mail.
The breach, which occurred in April, was recently disclosed on Hunt’s Have I Been Pwned (HIBP) website—a platform that helps users verify if their personal information has been exposed online.
Hunt revealed that the leaked database contains 183 million unique email addresses, along with associated websites and passwords. He clarified that this is not a single hack but a collection of “stealer logs”—data harvested by malware that continuously siphons personal information from infected devices.
“Stealer logs are more of a firehose of data that’s constantly spewing personal info all over the place,” he explained in a blog post. “Once the bad guys have your data, it often replicates over and over again through numerous channels and platforms.”
Hunt has urged internet users to visit the Have I Been Pwned website to check if their email addresses were affected. By entering their email in the search bar and clicking ‘Check’, users can see which data breaches may have exposed their information.
He also advised users to change their passwords immediately, enable two-factor authentication, and remain alert for suspicious account activity.