Copyright pakobserver
ISLAMABAD – A massive new dataset is spreading across underground hacker forums with millions of stolen login passwords, causing panic among users. The cyber leak comprises 183 million email addresses and passwords, including verified Gmail login credentials. The discovery was made by the trusted breach-tracking platform HIBP, led by cybersecurity expert Troy Hunt, who confirmed that this leak includes real, working Gmail passwords verified by affected users themselves. This is not just another recycled dump of old passwords. The data, drawn from “stealer logs” and vast credential-stuffing compilations collected in April 2025, is a sprawling 3.5-terabyte treasure trove containing more than 23 billion records of login information including website URLs, emails, and plaintext passwords. At least one Gmail user confirmed to Hunt that their leaked password was indeed active, instantly turning this dataset from speculation to hard proof of compromise. And Gmail, the world’s most widely used email platform is right at the center of it. The stolen data was built from infostealer malware that silently captures user credentials from infected computers, combined with massive credential-stuffing lists used by hackers to attack multiple websites. In a recent analysis of 94,000 sample records, an astonishing 92pc had already been leaked before, but 8% were brand new. That translates to over 14 million never-before-seen credentials. The breach is global, spanning users and services from all parts of world. Experts are calling this breach a ticking time bomb for internet users worldwide. Gmail Password Leak For the unversed, when hackers get hold of one email or password pair, they try it across countless services in what’s known as credential stuffing. If your Gmail password appears in this leak and you’ve used it elsewhere your entire online identity may be exposed. Banking accounts, social media, and even work logins could all be at risk. To avoid any mishap, change your passwords at the earliest, starting with Gmail and any other accounts where you reused the same password. Turn on Two-Factor Authentication (2FA) for Gmail, banking, and other sensitive accounts. It adds a critical extra layer of defense. Use unique passwords for every site a password manager can generate and store them for you. Switch to passkeys or biometric logins if possible. These modern methods are far safer than passwords.
