For the second time in recent months, Google has had to refute reports of a massive leak of Gmail users. The claims were sparked by publications about a “hack of 183 million accounts” that spread across the web, even though there was no leak and no incident involving Google’s servers.
As company representatives explained, this is not a new attack but rather old databases of usernames and passwords collected by attackers using infostealers and other attacks in recent years.
“Reports of a ‘Gmail hack affecting millions of users’ are false. Gmail and its users are well protected,” Google representatives said. The company also emphasized that the source of the rumors about a major leak was a database containing info-stealer logs, as well as credentials stolen in phishing and other attacks.
The fact is that recently this database was made publicly accessible via the Synthient threat analysis platform, and afterward it was added to the Have I Been Pwned (HIBP) breach aggregator.
HIBP creator Troy Hunt confirmed that the Synthient database contains about 183 million credentials — including usernames, passwords, and the website addresses where they were used. According to Hunt, this is not a single data breach: the information was collected over years from Telegram channels, forums, the dark web, and other sources. Moreover, these accounts are not tied to a single platform but to thousands, if not millions, of different sites and services.
At the same time, 91% of the records had already appeared in previous leaks and were in the HIBP database, and only 16.4 million addresses turned out to be new.
Representatives of Synthient confirmed that most of the data in the database was obtained not by breaching organizations, but by infecting individual users’ systems with malware. In total, the researchers collected 3.5 TB of information (23 billion rows), including exposed email addresses, passwords, and the URLs of sites where the compromised credentials were used.
Google notes that the company regularly discovers such databases and uses them for security checks, helping users reset leaked passwords and secure their accounts again.
The company also emphasizes that even if Gmail wasn’t breached, old usernames and passwords that have already ended up in leak databases can still pose a risk. To reduce such risks, Google recommends enabling multi-factor authentication or switching to passkeys, which are more secure than traditional passwords.
Recall that in September 2025, Google already refuted reports of a massive leak of Gmail user data. At the time, media outlets claimed that Google was allegedly notifying all Gmail users (about 2.5 billion people) en masse to urgently change their passwords and enable two-factor authentication. Google representatives assured then that this was false.