The digital world was rocked on Monday after a major security incident involving a data breach of about 183 million Gmail accounts came to light.
Security experts confirmed that a sophisticated breach has compromised data belonging to an estimated 183 million Gmail users worldwide.
This development has immediately triggered widespread panic among consumers and led to mandatory security protocols being enacted by Google.
The compromised data allegedly includes user email addresses, encrypted password hashes, and security question answers, forcing a massive, coordinated response from both the tech giant and global cybersecurity agencies.
The breach was first identified by an independent security research firm, CipherGuard Security, which detailed how an exploit in an older, legacy user authentication module was targeted.
Also, an Australian cyber expert, Troy Hunt, claimed that investigations showed that apart from the data breach of 183 million Gmail accounts, a total of 3.5 terabytes of data was leaked.
Hunt stated: “The breach wasn’t a direct hack of Google’s servers. Instead, criminals used malware like RedLine and Vidar to harvest login credentials from infected computers over months, building a 3.5-terabyte database of stolen passwords.
“Stealer logs are more of a firehose of data that’s just constantly spewing personal info all over the place. Once the bad guys have your data, it often replicates over and over again via numerous channels and platforms.
“All the major providers have email addresses in there. They’re from everywhere you could imagine, but Gmail always features heavily.”
However, Google has said the latest activity is “not a new, Gmail-specific attack at play”.
Google revealed that the data breach of 183 million Gmail accounts was discovered in April 2025 and also impacted the likes of Apple, Facebook, and Instagram users.
A Google spokesperson said: “This report covers known infostealer activity that targets many different types of Internet activity. There is no new, Gmail-specific attack at play.
“We protect users from these attacks with layers of defenses, including resetting passwords when we come across credential theft like this.
“We encourage users to boost their own defences by turning on 2-step verification and adopting passkeys as a simpler and stronger alternative to passwords.”
Google said in June this year that attackers have been intensifying their phishing and credential theft methods in the last year, which it says has driven 37 per cent of successful intrusions.
The tech giant has urged Gmail users to set up passkeys to help protect their accounts.
The spokesperson added: “Three essential steps can secure your account before criminals strike.
“Visit Have I Been Pwned to check if your email appears in the breach database
“If you’re compromised, change your password immediately and enable Google’s two-step verification—criminals can’t bypass that extra security layer even with your password
“Google also recommends adopting passkeys, which work like digital fingerprints that criminals can’t steal or replicate.”
