General Discussion Gmail accounts breached

Grr! Argh!

 
Thank you, Lynn. I changed two Gmail passwords this morning. When I signed on to make the changes, there was an ominous alert on each one 😠
 
Google says this report is a misunderstanding.
https://www.theregister.com/2025/10/28/gmail_breach_fake_news/

Panic spread faster than a phishing email on Tuesday after claims of a massive Gmail breach hit the headlines – but Google says it's all nonsense.
The ad giant moved quickly to quash reports that more than 183 million Gmail accounts had been compromised in a "major security breach." The claims, which appeared in numerous outlets including The Daily Mail, The Mirror, Forbes, The Independent, and the New York Post, are "false," according to Google, which blamed the fuss on a misunderstanding of old, recycled credentials rather than evidence of an intrusion.
The confusion appears to have started after Have I Been Pwned (HIBP) creator Troy Hunt announced he had added a large dataset of 183 million credentials to the breach notification service. The data was shared with Hunt by Synthient, a threat intelligence platform that collects and analyzes information from infostealer malware logs. As Hunt explained in a blog post, the collection reflects years of infostealer activity rather than a single new compromise – and certainly not a targeted attack on Gmail.

Google echoed that point on X. "Reports of a 'Gmail security breach impacting millions of users' are false. Gmail's defenses are strong, and users remain protected," the company said. It added that the data circulating online "is stemming from a misunderstanding of infostealer databases, which routinely compile various credential theft activity occurring across the web."

Infostealer databases, which are continuously aggregated from infected browsers, phishing kits, and cracked software, often contain Gmail addresses simply because so many users reuse them across the internet. When such collections resurface, they're frequently misinterpreted – or sensationalized – as fresh breaches.

Hunt was also perplexed by the widespread coverage the so-called "breach" had received. "I think they're deliberately misleading and designed to drive eyeballs on ads whilst the truth gets buried somewhere further down in the story," he said.

For users, the takeaway is straightforward: enable two-step verification, switch to passkeys if possible, and update passwords that appear in breach notifications.
 
Thank you, DeeLo. Misunderstanding. Okay. However, I still changed my password, and that's not a bad idea no matter what. At the time, I saw none of that. Appreciate it. 👍
 
