Google denies Gmail data breach after reports of millions of passwords leaked

In a recent statement, Google has refuted allegations regarding a significant security breach affecting Gmail, which purportedly resulted in the leak of millions of email passwords. The tech giant clarified that these claims stem from a misunderstanding of older data that has surfaced online, rather than a new security incident targeting its email platform. On Tuesday, Google took to its official account on X to address the issue, asserting, "Reports of a 'Gmail security breach impacting millions of users' are false. Gmail’s defenses are robust, and users remain protected." This response aimed to dispel confusion surrounding the misleading reports, which were linked to what Google described as "infostealer databases"—collections of data compiled from various past credential theft events. The uproar originated from Australian cybersecurity expert Troy Hunt, who operates the breach notification service Have I Been Pwned. Hunt disclosed the emergence of a massive 3.5-terabyte database containing approximately 183 million email credentials online. Although this data may include information from various breaches, including potential Gmail accounts, Google emphasized that there is no evidence of a current attack on its systems. The situation gained traction after The New York Times highlighted Hunt's findings, prompting him to advise users to check their email addresses for potential compromises by visiting HaveIBeenPwned.com. This site allows users to determine if their information has been exposed in any known data breaches and provides insights into when and how the exposure occurred. While Google asserts that Gmail has not been breached, the company continues to stress the importance of account security. They recommend that users activate two-step verification, consider using passkeys as a more secure alternative to traditional passwords, and reset their credentials if they find them in public data repositories. Google also reassured users that its security systems are designed to detect and respond to large-scale data leaks, ensuring that affected accounts are swiftly secured.