Gmail Passwords Infostealer Malware Breach, 183 Million Accounts Affected! How to Secure Accounts?

As many as 183 million email accounts, including Gmail passwords, were reportedly compromised by an infostealer malware campaign. Check your accounts immediately and take security measures.

Liputan6.com, Jakarta - A large-scale cyber incident has rocked the internet, exposing approximately 183 million email accounts, including confirmed Gmail login credentials.

This sensitive data, which includes email addresses and passwords in plain text, was added to the popular data breach monitoring service, Have I Been Pwned (HIBP), on October 21, 2025.

The leak was not caused by a direct hack of Google servers, but rather the result of a massive infostealer malware campaign.

This data breach highlights the serious vulnerabilities facing internet users, especially those who reuse passwords across multiple platforms.

Google has issued a warning to its 2.5 billion Gmail users to increase their vigilance.

Gmail Data Breach Details

The data breach, involving 183 million accounts, was uncovered after data was compiled by Synthient LLC, a threat intelligence firm.

Synthient monitors the cyber black market for infostealer activity and provided the data to cybersecurity researcher Troy Hunt for analysis and inclusion in the HIBP database.

HIBP then validated the authenticity of the leak after at least one Gmail user confirmed that the password listed in the data set was for their account.

The leaked data included unique email addresses, plaintext passwords, and associated website URLs.

The data set sent to HIBP totaled 3.5 terabytes, containing approximately 23 billion rows of login information.

Of this data, approximately 16.4 million credentials were new and had not appeared in previous breach records, demonstrating the significant scale and impact of this incident.

The primary source of this breach was an infostealer malware campaign active between April 2024 and April 2025.

Impact and Risks From Gmail Password Leak

The leak of 183 million email accounts, including Gmail passwords, has a serious impact on millions of users.

The primary vulnerability arises because many people tend to reuse the same passwords across multiple online services.

This means that if one password is leaked, other accounts using similar credentials are also at high risk of being hacked, potentially leading to mass account takeovers.

Leaked data, especially data containing passwords in plain text, can be exploited by cybercriminals for a variety of follow-up attacks.

One common method is credential stuffing, where stolen credentials are automatically tried on other websites or platforms.

Google has issued a warning to its 2.5 billion Gmail users to increase vigilance and take precautions.

How to Protect Your Gmail Account

There are several crucial steps every user should take immediately.

The first action is to check whether your email address has been exposed.

You can do this by visiting the Have I Been Pwned (HIBP) website to see if your credentials are included in the list of leaked data.

After checking for exposure, immediately change the password for your Gmail account and all other accounts that may use the same credentials.

Be sure to create a strong, unique, and difficult-to-guess password.

Additionally, enabling two-factor authentication (2FA) is a highly effective security measure, as it adds an extra layer of protection that can block unauthorized access even if your password has been stolen.

For long-term security, consider using a password manager like Bitwarden or 1Password.

These tools help you create and store unique, strong passwords for each account without having to remember them all.

Also, don't forget to regularly review the apps connected to your accounts and remove any suspicious access points, and utilize Google's built-in Security Checkup feature to ensure all your security settings are optimal.
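
As an added example (not part of the original article), this Python script applies the advice above about changing every account that shares an exposed password: it reads a password-manager CSV export and lists the entries that reuse the exposed password exactly or with a trivial variation. The column names, the sample rows and the function names are assumptions made for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; the column names (name, url, username, password)
# are an assumption, real password-manager exports differ by product.
SAMPLE_EXPORT = """name,url,username,password
Gmail,https://accounts.google.com,alice@example.com,Summer2024!
Shop,https://shop.example,alice@example.com,Summer2024!
Forum,https://forum.example,alice,summer2024
Bank,https://bank.example,alice@example.com,k9#Vt2pLq8wZ
"""


def fingerprint(password):
    """Short SHA-256 tag so a report never has to print the plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def normalize(password):
    """Collapse case and trailing digits/symbols to catch near-identical variants."""
    return password.lower().rstrip("0123456789!@#$%^&*._-")


def reuse_groups(export_text):
    """Map password fingerprint -> entry names, for passwords used more than once."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        groups[fingerprint(row["password"])].append(row["name"])
    return {fp: names for fp, names in groups.items() if len(names) > 1}


def rotation_list(export_text, exposed_password):
    """Entries to change after one password is exposed: exact reuse and variants."""
    base = normalize(exposed_password)
    exact, similar = [], []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["password"] == exposed_password:
            exact.append(row["name"])
        elif len(base) >= 4 and normalize(row["password"]) == base:
            similar.append(row["name"])  # same stem, different case or suffix
    return {"exact": exact, "similar": similar}


if __name__ == "__main__":
    print(rotation_list(SAMPLE_EXPORT, "Summer2024!"))
    print(reuse_groups(SAMPLE_EXPORT))
```

Run it only on a local machine and delete the plaintext export afterwards, since that file holds every stored password unencrypted.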