Gmail users put on red alert after millions of passwords stolen in huge data breach
An eye-watering 183 million passwords were stolen in the 3.5-terabyte leak.
Millions of email users have had their information leaked in a massive data breach. An eye-watering 183 million passwords were stolen in the incident, which has impacted people all across the globe.
An expert has revealed that the breach "came from everywhere you could imagine" but Google data was prominent within the leak - and Gmail users have been put on high alert.
Around 3.5 terabytes were reportedly stolen in the incident, with addresses, passwords, and the websites they were entered into featuring heavily in the breach, The Mirror reports.
A cybersecurity expert has warned Brits to take extra precautions to ensure they and their data are safe.
The monster breach was carried out by "infostealer activity" and first confirmed back in April. Details of the data have been posted to the Have I Been Pwned database.
The post suggested that the stolen data was mainly "stealer logs and credential stuffing lists".
Troy Hunt, a cybersecurity expert, told the Daily Mail that the stolen information affected "all the mail providers" but warned that Gmail data "features heavily".
He said: "Stealer logs are more of a firehose of data that's just constantly spewing personal info all over the place. Once the bad guys have your data, it often replicates over and over again via numerous channels and platforms."
He added: “All the major providers have email addresses in there. They’re from everywhere you could imagine, but Gmail always features heavily.”
A spokesperson for Google told Forbes that the risk of being affected by the data breach could be mitigated by making a few tweaks using tools the firm already provides.
They said: “This report covers broad infostealer activity that targets many types of web activities.
"When it comes to email, users can help protect themselves by turning on 2-step verification and adopting passkeys as a simpler and stronger alternative to passwords."
The spokesperson added that Gmail users also have another method of keeping themselves safe if they think their account has been hacked. By simply checking the 'account activity' page, they can see if someone has been active in their account illegally.
For those who cannot sign in, the spokesperson suggested they should use the 'account recovery' page to try and resurrect their Gmail account.
Anyone whose password has been featured in a large-scale data breach should go through a specific resetting process.
The spokesperson said: "To help users, we have a process for resetting passwords when we come across large credential dumps such as this."
Anyone concerned that their password may have been released in the latest breach, or just that it may be on the weaker side and need beefing up, can use Google's password checkup feature.
The feature can be found in Chrome by selecting Passwords and autofill from the menu on the top right, and then clicking into the Google Password Manager - Checkup page.