183 million email passwords leaked: check yours now

NEWNow you can listen to News articles!

A massive online breach has exposed more than 183 million stolen email passwords collected over years of malware infections, phishing campaigns and older data breaches. Cybersecurity experts say it is one of the largest compilations of stolen credentials ever discovered.

Security researcher Troy Hunt, who runs the website Have I Been Pwned, found the 3.5 terabyte data set online. The credentials came from information-stealing malware and credential stuffing lists. This malware secretly collects usernames, passwords, and website logins from infected devices.

Researchers say the data contains old and recently discovered credentials. Hunt confirmed that 91% of the data had appeared in previous leaks, but around 16.4 million email addresses were completely new to any known data set.

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

DISCORD CONFIRMS BREACH OF PROVIDER USER ID EXPOSED IN RESCUE PLOT

Employee detection data breach exposes 3.3 million records

Cyber experts discovered a 3.5 terabyte data dump containing millions of stolen logins. (Kurt “CyberGuy” Knutsson)

The real risk behind password leaks

The leak puts millions of users at risk. Hackers typically collect stolen logins from multiple sources and combine them into large databases circulating on dark web forums, Telegram channels, and Discord servers.

If you have reused passwords across multiple sites, attackers can use this data to break into your accounts through credential stuffing. This method tests stolen username and password pairs on many different platforms.

The risk remains real for anyone using old or duplicate credentials. A compromised password can unlock social media, banking, and cloud accounts.

GOOGLE CONFIRMS DATA STOLEN IN BREACH BY A KNOWN HACKER GROUP

Researcher Troy Hunt traced the breach to malware that secretly steals passwords from infected devices. (Jens Büttner/Picture Alliance via Getty Images)

Google responds to reports

Google confirmed that there was no Gmail data breach. In a post on X, the company stated that “reports of a Gmail security breach affecting millions of users are false. Gmail’s defenses are strong and users remain protected.”

Google clarified that the leak came from data thieves’ databases that compile years of stolen credentials from across the web. These databases are often mistaken for new breaches when, in fact, they represent ongoing theft activity. Troy Hunt also confirmed that the dataset originated from Synthient’s collection of data breach logs, not from a single platform or recent attack. While no new breach occurred, experts warn that leaked credentials remain dangerous because cybercriminals reuse them for future attacks.

How to check if you were exposed

To see if your email was affected, visit Have I Been Scammed? It is the first and official source of this newly added data set. Enter your email address to find out if your information appears in the Synthient leak.

Many password managers also include built-in breach scanners that use the same data sources. However, they may not include this new collection yet until their databases are updated.

If your address appears, treat it as compromised. Change your passwords immediately and enable stronger security features to protect your accounts.

COLUMBIA UNIVERSITY DATA BREACH AFFECTS 870,000 PEOPLE

The 183 million exposed credentials came from malware, phishing, and old data leaks. (Kurt “CyberGuy” Knutsson)

9 steps to protect yourself now

Protecting your life online starts with consistent action. Each step below adds another layer of defense against hackers, malware, and credential theft.

1) Change your passwords immediately

Start with your most important accounts, such as email and banking. Use strong, unique passwords with letters, numbers, and symbols. Avoid predictable options like names or birthdays.

Never reuse passwords. One stolen password can unlock multiple accounts. Each login must be unique to protect your data.

A password manager makes this simple. Stores complex passwords securely and helps you create new ones. Many administrators also check for breaches to see if their current passwords have been exposed.

Next, check if your email has been caught in a recent credentials leak. Our #1 password manager pick includes a built-in breach scanner that searches trusted databases, including Have I Been Pwned’s recently added Synthient data. Helps you know if your email or passwords have appeared in any known breaches. If you see a match, change any reused passwords immediately and protect those accounts with strong, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

2) Enable two-factor authentication (2FA)

Light 2FA whenever possible. Adds a powerful second layer of defense that blocks intruders even if they have your password. You’ll receive a code via text message, app, or security key. That code ensures that only you can log into your accounts.

3) Use an identity theft service for ongoing monitoring

Identity theft companies can monitor personal information such as your Social Security number (SSN), phone number, and email address, and alert you if it is sold on the dark web or used to open an account. They can also help you freeze your bank and credit card accounts to prevent further unauthorized use by criminals. It’s a smart way to stay one step ahead of hackers.

See my tips and best options on how to protect yourself from identity theft at Cyberguy.com.

4) Protect your devices with powerful antivirus software

Infostealer malware hides inside fake downloads and phishing attachments. Powerful antivirus software scans your devices to stop threats before they spread. Keep your antivirus updated and run frequent scans. Even an unprotected device can put your entire digital life at risk.

The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices at Cyberguy.com.

5) Avoid saving logins in your web browser.

Browsers are convenient but risky. Infostealer malware often targets passwords saved in your web browser.

6) Keep software up to date

The updates fix security flaws that hackers exploit. Activate automatic updates for your operating system, antivirus and applications. Staying updated keeps threats away.

7) Download only from trusted sources

Avoid unknown websites that offer free downloads. Fake applications and files often contain hidden malware. Use official app stores or websites of verified companies.

8) Review your account activity frequently

Review your accounts regularly for unusual logins or device connections. Many platforms display a login history. If something seems strange, change your password and enable 2FA immediately.

9) Consider a personal data deletion service

The massive leak of 183 million credentials shows how widely your personal information can spread and how easily it can resurface years later in aggregated hacker databases. Even if your passwords were part of a previous breach, data such as your name, email, phone number, or address may still be available through data broker sites. Personal data removal services can help reduce your exposure by removing this information from hundreds of these sites.

While no service can guarantee complete removal, they dramatically reduce your digital footprint, making it difficult for scammers to cross-reference leaked credentials with public data to impersonate you or attack you. These services automatically monitor and delete your personal information over time, giving me peace of mind in today’s threat landscape.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already available on the web: Cyberguy.com.

CLICK HERE TO GET THE News APP

Kurt’s Key Takeaways

This leak highlights the current danger of malware and password reuse. Prevention remains the best defense. Use unique passwords, enable 2FA and stay alert to keep your data safe. Visit Have I Been Pwned today to check your email and take action. The faster you respond, the better you protect your identity.

Have you ever discovered your data in a breach? What did you do next? Let us know by writing to us at Cyberguy.com.

Kurt “CyberGuy” Knutsson is an award-winning technology journalist with a deep love for technology, gear and devices that improve lives with his contributions to News and News Business since mornings on “News & Friends.” Do you have any technical questions? Get Kurt’s free CyberGuy newsletter, share your voice, a story idea or comment on CyberGuy.com.

Breaking News

Widespread habit may increase colorectal cancer risk more than believed

US judge blocks Pentagon’s restrictive press access policy

Jon Stewart responds after Elon Musk calls him out

MAGA Candidate Says Americans Should Support Trump

Trump administration sues Harvard, alleging the university failed to protect Jewish and Israeli students

James Comey summoned to appear for alleged grand conspiracy against Trump

Tallest college basketball player ever towers over 6-foot-8 opponent in viral March Madness moment

NBA champion Thunder will not visit White House, citing timing issue

Legendary sports agent suggests teams should take new approach as NFL ticket prices continue to skyrocket

Trump signs executive order preventing college football games from competing with Army and Navy schedule