183M Gmail Passwords Leaked

https://www.forbes.com/sites/daveywinder/2025/10/27/gmail-passwords-confirmed-as-part-of-183-million-account-data-breach/

18•FrostKiwi•2h ago

Comments

larholm•1h ago

The title of the article makes it clear that these are not 183M Gmail passwords, but that Gmail passwords are a part of the leak.

"Gmail Passwords Confirmed As Part Of 183 Million Account Data Leak"

nomilk•1h ago

Some apps reset your password automatically (send you a password reset email) if they detect it has been leaked.

But email services appear to have a harder problem due to the catch 22 where you can't log in to reach the password reset email if they were to reset your password.

What do they do?

bfkwlfkjf•1h ago

Maybe recovery email. Gmail once in a while asks me to set one up.

charcircuit•1h ago

Ignoring the backup email case as the other commentor left. In practice accounts are not immediately compromised so there is enough time to send a reset to the original user.

You could also do things like having the reset require the user to have a token that was issued before the compromise to prove you were able to authenticate before the leak happened.

comrade1234•1h ago

I skimmed the article. I skimmed several of the linked articles. No one says the source of the credentials, other than where people are buying and selling them. Where are google login credentials coming from? Malware I assume and nothing to do with a problem at google?

Semaphor•1h ago

https://www.troyhunt.com/inside-the-synthient-threat-data/

Primary article instead of shitty forbes blog spam.

jcattle•1h ago

So it is not a breach, but a collection of many sources.

It is 183 million email (not gmail) addresses in the collection of which 14M haven't been seen before on have i been pwned.

This hackernews title should be changed. (Currently: 183M Gmail Passwords Leaked)

bfkwlfkjf•1h ago

Uh oh. For a long time I've been giving myself the excuse that the only reason why I keep using Gmail is security - Google has never had these kind of breaches.

The argument is no longer valid, time to move off Gmail.

jsnell•1h ago

There was no breach, which is clear from the first sentence of the article.

Moru•52m ago

If I understood the follow up blogpost right, it states that there is a lot of email adresses where the only hit is the email domain so they are filtering away that as false positives. Not all stolen credentials are properly aligned and encoded with ; on the correct place I guess :-)

There might be a lot less gmail adresses showing up as pwned now.

blitzar•1h ago

sex, love, secret, and god

Those are mine

How Elon Musk ruined Twitter

AI stocks could be part of a new Magnificent 7

Beyond the Magic: How LLMs Work

Situated Software – Clay Shirky (2004)

Stackful Coroutine Made Fast

Why I no longer engage with Nature publishing group

The Majority of Your Users

Apple Has Two Problems

Recommend your best web designer

The Highs and Lows of Tardigrade Pregnancy [video]

A way to link to a router for Chinese Postman routing?

AI predicts Bitcoin price with Mt. Gox repayments delayed until 2026

Austria: Pylons as sculpture for public acceptance of expanding electrification

Wi-Fi Energy Meter

GitHub Copilot Customizations

Monitor the Performance of Your Ecto for Elixir App with AppSignal

Some Heroes Wear Wigs

Data, their rules: The growing risks of hosting EU data in the US cloud

Libcpu: A library to emulate several CPU architectures using LLVM

AI Trading in Real Market

Hogeweyk: Amsterdam's Revolutionary Dementia Village

Python Foundation goes ride or DEI, rejects government grant with strings

Amazon Says It Will Cut 14,000 Corporate Roles to Remove Layers

Show HN: I was tired of people dmming me just "hi", so I made this - NoGreeting

Good Managers Write Good

Multi Layered Calendars (2023)

Who vs. Whom Lesson

An AI Adoption Riddle

When the Cloud Breaks: Lessons from the AWS Outage

Sufficiently Smart Compiler