If you have a Gmail account, now, as in right this second, would be a good time to change your password, because five million passwords for Gmail users have been leaked and the leaker claims that 60% or more are valid. Here’s what the Daily Dot has to say:
Much of the information is old and potentially out-of-date, Google representatives told Russian media, so the so-called “leak” may be more accurately described as a collection of phished and hacked credentials collected over years. In fact, many of the accounts have long been suspended or are matched with very old passwords.
The database of usernames and passwords, which was first reported by CNews, was posted on Tuesday evening to btcsec.com, a Russian-language Bitcoin security forum.
Lovely.
To see if you’re affected by this, there’s a password checker, currently a victim of the Slashdot Effect, that will let you see if you are in trouble. Even if you’re not, you should change your password anyway, and while you’re at it, use this tip to make a strong one.
If You Have A Gmail Account, Chances Are That You’ve Been Pwned
Posted in Commentary with tags Gmail, Hacked on October 27, 2025 by itnerd
This is big. And this is really, really bad. Around 183 million Gmail accounts have been pwned. Which is as far from trivial as a hack could get.
The breach was revealed after the website URLs, email addresses, and passwords were added to the Have I Been Pwned (HIBP) database, which allows users to enter their stolen credentials to see if their information has been leaked.
According to Troy Hunt, who owns the website, the stolen data included ‘stealer logs and credential stuffing lists’, which are essentially huge databases of stolen logins that cybercriminals use to make unauthorised access attempts.
Erich Kron, CISO Advisor at KnowBe4, has provided the following commentary.
“The significant volume of passwords that are compromised annually should be a very motivating factor in enabling Multi-Factor Authentication (MFA) and should drive people to consider the importance of securing accounts, especially email accounts.
Email accounts are the nexus of our digital identity, allowing us to sign up for accounts and to reset passwords for accounts that we may already have. For a bad actor, the ability to reset passwords to retail and banking accounts is the ultimate prize, and for the victim, a nightmare.
In addition to giving bad actors the ability to reset passwords, they also know that people have the bad habit of reusing passwords across a myriad of services including their banking and financial services. The theft of these credentials can allow cybercriminals to easily empty bank and retirement accounts, and fund some extreme shopping sprees.
People should be very careful about protecting their accounts by keeping them unique and applying MFA whenever possible. Tools such as password vaults can be instrumental in securing accounts and being able to remember even the most obscure password when needed.”
Now would be a really good time to change your Gmail password and to implement MFA, because like I said earlier, this is as bad as it gets.