[UPDATE] Have I Been Pwned Details Massive Gmail Breach — Change Passwords & Enable 2FA Now

[UPDATE, 28/10/2025] Google refutes reports of a major Gmail breach shared by Have I Been Pwned via a post thread on X, saying the leaked data comes from old infostealer dumps, not new hacks.

ORIGINAL ARTICLE: If you are a Gmail user, you should miss this. Popular data breach tracking website, Have I Been Pwned, has issued a warning that over 183 million Gmail accounts may have been exposed in a massive leak. The breach reportedly took place back in April 2025, which led hackers to steal both email addresses and their associated passwords.

The database of breached Gmail accounts was reportedly compiled from multiple smaller breaches and aggregated online, according to Troy Hunt, who is a cybersecurity expert and owns Have I Been Pwned. Hunt confirmed that the dataset has now been indexed on the platform, allowing users to check whether their email credentials have been compromised.

You can verify your Gmail addresses via the Have I Been Pwned website. It tracks over 15 billion accounts across 917 known breaches. If your account appears in the latest incident, we recommend immediately changing your password and enabling two-step verification on your Google account.

Two-factor authentication (2FA) adds a critical security layer, requiring additional verification, such as a mobile prompt or hardware security key, before granting access. Google’s security system intelligently selects the best challenge type to protect users against hijacking attempts.

Google hasn’t officially confirmed that its own systems were breached. But it often reminds users to stay vigilant and avoid reusing passwords across services. These days, most of us link our Gmail to many apps, subscriptions, and banking accounts. With stolen credentials, hackers could have wider access than just email inboxes.