A vast stockpile of data involving 183 million compromised email addresses and passwords has been added to the breach-monitoring site Have I Been Pwned (HIBP) as one of the largest data exfiltration leaks to date.
The data was primarily collected through infostealer malware rather than a direct breach, including millions of Gmail accounts.
Meanwhile cybersecurity experts say that the extent of disclosure presents a serious risk of account takeovers.
Investigations are ongoing, and analysts are trying to review the security of accounts, reset passwords, and activate two-step verifications for users.
Data for approximately 183 million Gmail accounts were recently added to HIBP on October 21, 2025.
The collection was mainly referred to as the “Synthetic Stealer Log Threat Data,” was compiled by Synthient LLC and originated from infostealer malware logs, rather than from a breach of a single platform.
In this connection, HIBP founder Troy Hunt confirmed that the dataset can be easily searched by email, password, and domain.
It has been observed that among the exposed credentials, a considerable portion were stored in plaintext alongside the website they were used on.
While analysts have issued warnings, the inclusion of plaintext passwords significantly increases the risk of credential replay.
In order to recover accounts, cybersecurity experts recommend that Gmail users immediately change their passwords and avoid reusing them across multiple sites.
Google’s Security Check-up tool can mainly identify devices or connected applications that should be removed immediately.
Two-step verification should be enabled, using a hardware key or passkey rather than an SMS code, to prevent unauthorized access even if credentials are leaked.
The exposure of 183 million credentials has underscored how infostealer malware has become a leading source of data theft globally.
Nonetheless, Gmail’s own systems have not been affected, and analysts say that the incident underlines the risks linked to weak device protection.
Additionally, investigations are underway to scrutinize the scope of leak, and users of all devices are advised to use reputable anti-virus scans to get rid of infostealer malware.
