The IT Nerd

This is big. And this is really, really bad. Around 183 million Gmail accounts have pwned. Which is as far from trivial as a hack could get.

The breach was revealed after the website URLs, email addresses, and passwords were added to the Have I Been Pwned (HIBP) database, which allows users to enter their stolen credentials to see if their information has been leaked.

According to Troy Hunt, who owns the website, the stolen data included ‘stealer logs and credential stuffing lists’, which are essentially huge databases of stolen logins that cybercriminals use to make unauthorised access attempts.

Erich Kron, CISO Advisor at KnowBe4, has provided the following commentary. 

“The significant volume of passwords that are compromised annually should be a very motivating factor in enabling Multi-Factor Authentication (MFA) and should drive people to consider the importance of securing accounts, especially email accounts.

Email accounts are the nexus of our digital identity, allowing us to sign up for accounts and to reset passwords for accounts that we may already have. For a bad actor, the ability to reset passwords to retail and banking accounts is the ultimate prize, and for the victim, a nightmare.  

In addition to giving bad actors the ability to reset passwords, they also know that people have the bad habit of reusing passwords across a myriad of services including their banking and financial services. The theft of these credentials can allow cybercriminals to easily empty bank and retirement accounts, and fund some extreme shopping sprees.

People should be very careful about protecting their accounts by keeping them unique and applying MFA whenever possible. Tools such as password vaults can be instrumental in securing accounts and being able to remember even the most obscure password when needed.”

Now would be a really good time to change your Gmail password as well as implementing MFA. Because like I said earlier, this is a bad as it gets.

This entry was posted on October 27, 2025 at 6:18 pm and is filed under Commentary with tags Gmail, Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.