183M Gmail Passwords Leaked

https://www.forbes.com/sites/daveywinder/2025/10/27/gmail-passwords-confirmed-as-part-of-183-million-account-data-breach/

21•FrostKiwi•3mo ago

Comments

larholm•3mo ago

The title of the article makes it clear that these are not 183M Gmail passwords, but that Gmail passwords are a part of the leak.

"Gmail Passwords Confirmed As Part Of 183 Million Account Data Leak"

EForEndeavour•3mo ago

By the article's logic, I just exhaled 5 * 10^18 kg of carbon dioxide into the earth's atmosphere.

nomilk•3mo ago

Some apps reset your password automatically (send you a password reset email) if they detect it has been leaked.

But email services appear to have a harder problem due to the catch 22 where you can't log in to reach the password reset email if they were to reset your password.

What do they do?

bfkwlfkjf•3mo ago

Maybe recovery email. Gmail once in a while asks me to set one up.

charcircuit•3mo ago

Ignoring the backup email case as the other commentor left. In practice accounts are not immediately compromised so there is enough time to send a reset to the original user.

You could also do things like having the reset require the user to have a token that was issued before the compromise to prove you were able to authenticate before the leak happened.

comrade1234•3mo ago

I skimmed the article. I skimmed several of the linked articles. No one says the source of the credentials, other than where people are buying and selling them. Where are google login credentials coming from? Malware I assume and nothing to do with a problem at google?

Semaphor•3mo ago

https://www.troyhunt.com/inside-the-synthient-threat-data/

Primary article instead of shitty forbes blog spam.

jcattle•3mo ago

So it is not a breach, but a collection of many sources.

It is 183 million email (not gmail) addresses in the collection of which 14M haven't been seen before on have i been pwned.

This hackernews title should be changed. (Currently: 183M Gmail Passwords Leaked)

bfkwlfkjf•3mo ago

Uh oh. For a long time I've been giving myself the excuse that the only reason why I keep using Gmail is security - Google has never had these kind of breaches.

The argument is no longer valid, time to move off Gmail.

jsnell•3mo ago

There was no breach, which is clear from the first sentence of the article.

Moru•3mo ago

If I understood the follow up blogpost right, it states that there is a lot of email adresses where the only hit is the email domain so they are filtering away that as false positives. Not all stolen credentials are properly aligned and encoded with ; on the correct place I guess :-)

There might be a lot less gmail adresses showing up as pwned now.

blitzar•3mo ago

sex, love, secret, and god

Those are mine

readthenotes1•3mo ago

Please be careful when typing in the name of God. It could have devastating consequences.

I hope you're using a site that requires at least 6 (but no more than 10) uppercase, lowercase, numeric, and special characters.

https://archive.org/details/ninebillionnames00clar

IAmBroom•3mo ago

Scott Alexander, that you?

Zram as Swap

Green’s Dictionary of Slang - Five hundred years of the vulgar tongue

Nvidia CEO Says AI Capital Spending Is Appropriate, Sustainable

Show HN: StyloShare – privacy-first anonymous file sharing with zero sign-up

Part 1 the Persistent Vault Issue: Your Encryption Strategy Has a Shelf Life

Show HN: Teleop_xr – Modular WebXR solution for bimanual robot teleoperation

The Highest Exam: How the Gaokao Shapes China

Open-source framework for tracking prediction accuracy

India's Sarvan AI LLM launches Indic-language focused models

Show HN: CryptoClaw – open-source AI agent with built-in wallet and DeFi skills

ShowHN: Make OpenClaw respond in Scarlett Johansson’s AI Voice from the Film Her

CReact Version 0.3.0 Released

Show HN: CReact – AI Powered AWS Website Generator

The rocky 1960s origins of online dating (2025)

Show HN: Agent-fetch – Sandboxed HTTP client with SSRF protection for AI agents

Why there is no official statement from Substack about the data leak

Effects of Zepbound on Stool Quality

Show HN: Seedance 2.0 – The Most Powerful AI Video Generator

Ask HN: Do we need "metadata in source code" syntax that LLMs will never delete?

Pentagon cutting ties w/ "woke" Harvard, ending military training & fellowships

Can Quantum-Mechanical Description of Physical Reality Be Considered Complete? [pdf]

Kessler Syndrome Has Started [video]

Complex Heterodynes Explained

MemAlign: Building Better LLM Judges from Human Feedback with Scalable Memory

CCC (Claude's C Compiler) on Compiler Explorer

Homeland Security Spying on Reddit Users

Actors with Tokio (2021)

Can graph neural networks for biology realistically run on edge devices?

Deeper into the shareing of one air conditioner for 2 rooms

Weatherman introduces fruit-based authentication system to combat deep fakes