Daijiworld Media Network - Sydney

Sydney, Oct 28: In what is being described as one of the largest data leaks in recent years, a massive 3.5-terabyte trove of stolen data has surfaced online, exposing millions of email users — including Gmail account holders — to potential cyber threats.

The revelation came from Troy Hunt, an Australian cybersecurity researcher and founder of the website Have I Been Pwned, who said the leaked archives contain over 183 million unique accounts and 16.4 million new email addresses not seen in previous breaches.

Cybersecurity experts have warned that the breach poses serious risks of phishing attacks and unauthorised account access, as the exposed credentials were collected through malicious software known as infostealers.

Explaining the breach in his blog, Hunt said, “Stealer logs are the product of malware running on infected machines and capturing credentials entered into websites. For instance, someone logging into Gmail could have their email and password captured against gmail.com.”

Users have been advised to check whether their credentials were compromised by visiting HaveIBeenPwned.com. Those affected should immediately change their passwords and enable two-factor authentication (2FA) for added protection.

However, Google has firmly denied that its Gmail systems were hacked. “Reports of a Gmail security ‘breach’ impacting millions of users are entirely inaccurate and incorrect,” a Google spokesperson told The New York Post.

Google further urged users to strengthen account security by enabling two-step verification and switching to passkeys, a more secure alternative to traditional passwords.

The tech giant reiterated that while its systems remain secure, users must remain vigilant against credential leaks originating from malware-infected devices.