Gmail
Google has officially denied the claims, suggesting that millions of Gmail accounts were compromised in a large-scale data breach. The search giant has clarified that no such incident has occurred and that Gmail’s security systems continue to protect users effectively. Taking to X, Google stated that recent reports about a “Gmail security breach” were inaccurate. The tech giant explained that the rumours likely stemmed from confusion around so-called “infostealer” databases, collections of stolen credentials gathered from various online sources, not from a targeted Gmail hack.
“These reports do not reflect a new attack or a breach of Gmail,” the company stated, adding that the alleged data appeared to be part of unrelated credential dumps floating around the internet. This is the second time in recent weeks that Google has had to publicly deny similar allegations. In September, the company dismissed reports of a widespread Gmail compromise as “entirely false.”
Google also warned that misleading breach reports can cause unnecessary alarm among users, even if they occasionally serve to highlight the importance of cybersecurity. The business advised users to use passkeys and enable two-step verification (2SV) to improve account security. Furthermore, Google stated that it proactively helps users reset their passwords and secure their accounts to avoid possible misuse whenever compromised credentials are discovered.
This clarification from Google came after Australian cybersecurity researcher Troy Hunt, the founder of Have I Been Pwned revealed the existence of a massive 3.5-terabyte database containing around 183 million exposed email credentials. Some of them included Gmail addresses, and Hunt stated that the information was the result of previous data breaches rather than a fresh Gmail-specific hack.
The story gained widespread attention after The New York Times covered Hunt’s findings, prompting many users to check whether their information had been compromised on HaveIBeenPwned.com.