The exposed data includes millions of Gmail accounts, and early analysis indicates it was gathered through infostealer malware rather than a direct breach of Google’s servers.
Gmail data breach
On 21 October 2025, Have I Been Pwned (HIBP) added a newly uncovered dataset containing roughly 183 million unique email addresses and paired passwords. The cache, named the “Synthient Stealer Log Threat Data,” was compiled by Synthient LLC and originates from logs of infostealer malware infections, not a compromise of a single service or platform.
HIBP founder Troy Hunt confirmed that the collection can be searched by email, password, and domain. A large number of entries relate to Gmail accounts, and concerningly, many passwords were stored in plaintext alongside the website on which they were used.
In a joint blog post, Hunt and Heise Online detailed how the dataset was amassed through a combination of infected devices and underground cybercrime channels, and described a shift from large, one-off platform breaches to a continuous stream of stolen credentials harvested via malware.
Which Gmail users are at risk?
A substantial number of Gmail accounts appear in the Synthient dataset, which includes email-and-password combinations exposed in plaintext.
Analysts cited by IBTimes also caution that infostealer malware often captures far more than just login credentials. In many cases, it can harvest browser cookies and authentication tokens, which may allow cybercriminals to bypass two-factor authentication (2FA) and access accounts without needing a password.
However, reports from Cyber Insider and Forbes confirm there is no indication of a breach of Google’s systems. Instead, the stolen data was collected from malware-infected personal devices, where users’ credentials were logged and later sold or leaked.
How to check if your email has been hacked
The breach details were posted on Have I Been Pwned, so you can easily check there. To see whether you’ve been hacked, or “owned,” simply enter your email address on their search page below.
https://haveibeenpwned.com/
What to do if your Gmail data is breached
What should you do, then, if your password has been compromised?
For users: According to Mashable, Google’s Security Checkup spots unfamiliar devices or third-party app access and removes anything suspicious. Changing your password or enabling two-step verification is the right thing to do, ideally with a hardware key or passkey rather than SMS for stronger protection.
For organizations: As noted by TechSpot, businesses using Gmail or Google Workspace should strengthen password rules, mandate MFA, and improve anti-malware defenses to prevent similar risks in the future.
