/thetatva/media/agency_attachments/2024-10-11t075417641z-tatva-logo-white-yashodhar-gulati-crop.png){kind=logo}
/thetatva/media/agency_attachments/2024-10-11t075412214z-tatva-logo-white-yashodhar-gulati-crop.png){kind=logo}
/thetatva/media/media_files/2025/10/29/alert-183-million-passwords-leaked-online-gmail-other-accounts-at-risk-2025-10-29-16-18-49.jpg)
A huge data leak may have exposed the passwords of around 183 million internet users, cybersecurity expert Troy Hunt has claimed. The breach reportedly took place in April this year and includes email accounts from services like Gmail, Yahoo, Outlook, and many others, as reported by the Daily Mail.
The stolen information is estimated to be 3.5 terabytes, which is equal to around 875 HD movies. Hunt said this data was not leaked at once but collected through multiple ‘stealer logs’, files created by malware that secretly gather personal information from infected devices.
“Stealer logs are more of a firehose of data that's just constantly spewing personal info all over the place,” Hunt wrote on his blog. “Once the bad guys have your data, it often replicates over and over again via numerous channels and platforms.”
How to check if your account was affected
Hunt runs a website called haveibeenpwned.com, where users can enter their email address to see if their account has appeared in any known data breaches. The website checks past breaches too, not just the recent one.
If your email is found in the leaked database, experts suggest:
Change your password immediately
Use strong and unique passwords
Turn on two-step verification for extra safety
How hackers got the passwords
According to the UK’s Metro, hackers used malware called ‘infostealers’. This malware records login details when users enter them on their devices. The stolen data is then shared inside hacker networks.
The report also mentions that Benjamin Brundage, an American college student working with security firm Synthient, created a tool that tracked these hacker networks. This tool helped discover that at one point, nearly 600 million stolen credentials were being shared inside them.
Synthient then shared the findings with Have I Been Pwned, which allowed Hunt to check and list the affected accounts.
This case shows how common cyber attacks have become and how easily personal data can be stolen. Experts say staying alert and using strong security practices is now more important than ever.
The breach became public through a blog post on Have I Been Pwned, based on data collected by security firm Synthient.