A 183M-password trove, including Gmail logins, was added to Have I Been Pwned. See if you’re exposed, change passwords, use unique logins, and enable 2FA.
© RusPhotoBank
A massive database with more than 183 million passwords, including Gmail logins, has surfaced online. It ranks among the biggest cyber leaks of 2025. The stolen data has already been added to Have I Been Pwned (HIBP), where anyone can check whether their account is affected.
Cybersecurity expert Troy Hunt confirmed the incident and noted that the trove merges data from so-called stealer logs — records harvested by malware over the past year. In other words, this looks less like a single breach and more like a rolling capture of credentials.
According to Synthient, the company that analyzed the case, the dataset totals 3.5 TB and includes 23 billion records. Each entry lists a site address, a login, and a password — for example, Gmail.com and the associated email.
Hunt examined a sample of 94,000 records and found that about 8% were new, meaning they had not been published before. That equates to roughly 16.4 million unique email addresses. Some HIBP users have verified that their leaked passwords are genuine, underscoring how current the information is.
What should Gmail users do? Experts strongly recommend the following: check your address on haveibeenpwned.com; if your credentials appear in the leak, change passwords immediately; use unique passwords for every site; enable two-factor authentication (2FA); and set up HIBP notifications to hear about new leaks promptly.
This incident is a fresh reminder that credential theft is a continuous process. Even if you were spared this time, your passwords can surface in new combinations later. Security demands steady attention: update passwords, rely on a password manager, and don’t leave it to luck.