Gmail is one of the most widely used email services in the world, holding personal messages, financial details and sensitive information for millions of users. This is why any news about the security threats faced by Gmail prompts serious concerns in this matter. It has now been reported that millions of Gmail users may be at risk following the identification of a large database containing stolen login information.
Cybersecurity researcher Jeremiah Fowler highlighted that millions of sets of usernames and passwords were leaked in one of the biggest data breaches. He reportedly found 149 million login records in the database, out of which Gmail accounts made up the biggest chunk.
Fowler stated that he had discovered around 48 million Gmail user credentials from the leaked database, including other prominent platforms across the globe.
This information included email addresses, usernames, and passwords, as well as direct links to account login sites. Fowler commented that emails had been collected from people around the world, containing almost every kind of online account there was. What is troubling in this case is that the emails remained unprotected, accessible over the internet by anyone who wanted to view or copy this information.
While Gmail was the most affected service, other popular platforms were also impacted. The researcher estimated that about 17 million Facebook credentials were found, followed by Instagram at 6.5 million and Yahoo Mail at four million. Accounts linked to Netflix, Outlook, iCloud and TikTok were also reportedly included in the dataset.
Google quickly responded, stating this was not the result of a new breach. A company's spokesperson stated that this data came from mitigating credential dump lists, known as Credential Dump Lists, which are collections of numerous credentials hacked or stolen from users through various tactics (such as malware known as infostealers, which steal user credentials over time from infected personal devices). Google said it uses automated systems to detect exposed passwords, lock accounts and force resets when needed.
Fowler advised users to ensure that they upgrade their devices and to also be on the lookout for any suspicious activity on their devices, as well as to ensure that they use good security tools.