Google denies Gmail data breach after reports of millions of passwords leaked, advises 2-Step Verification
On Tuesday, Google has denied reports of a major Gmail data breach in an X post, after an expert claimed that millions of email passwords were leaked. The company said the reports stem from old stolen data and not a new attack, while urging users to enable two-step verification.
Google has denied reports of a major Gmail security breach after claims surfaced online that millions of email passwords had been leaked. The company clarified that the allegations were based on a misunderstanding of previously stolen data circulating on the internet, not on a new attack targeting Gmail.
Google claims Gmail data breach reports are false
On Tuesday, Google’s official X account News from Google addressed the issue, stating, “Reports of a ‘Gmail security breach impacting millions of users’ are false. Gmail’s defences are strong, and users remain protected.”
The post explained that the misleading reports stemmed from “a misunderstanding of infostealer databases”, which frequently compile data from various credential theft incidents across the web. According to Google, these collections do not indicate a fresh attack on Gmail or any other specific platform.
The company also claimed to users that it actively monitors for large batches of exposed credentials and helps affected users reset passwords to secure their accounts.
Researcher reports massive leak
The controversy began after Australian cybersecurity expert Troy Hunt, who runs the breach notification platform Have I Been Pwned, revealed that a massive 3.5-terabyte database containing around 183 million email credentials had surfaced online.
Hunt said the data, allegedly comprising information from various past breaches, might include Gmail accounts, among other providers. The leak drew global attention after being highlighted by The New York Times, which mentioned Hunt's advice for users to check if their details had been compromised by visiting HaveIBeenPwned.com.
Users can enter their email addresses on the site to see if they appear in any known breaches and to get information about when and where the data exposure occurred.
How to secure your Gmail accounts?
While Google maintains that Gmail itself has not been compromised, the company reiterated its advice for users to strengthen their account protection.
The tech giant encouraged everyone to enable two-step verification, adopt passkeys as a safer alternative to passwords, and reset credentials if they appear in public data sets.
Google added that its security systems automatically detect and mitigate threats arising from large-scale credential dumps, ensuring affected accounts are promptly resecured.
Experts recommend that anyone concerned about their online security should:
- Check their email addresses on Have I Been Pwned
- Change passwords regularly
- Avoid reusing passwords across multiple sites
- Turn on multi-factor authentication wherever possible
- Google denies any new breach, clarifying that concerns stem from misunderstood data leaks.
- Users are encouraged to enable two-step verification and monitor their accounts for potential threats.
- Credential exposure is an ongoing issue; users should regularly check their email credentials against known breaches.
Catch all the Technology News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.