A 183 million passwords have been leaked online after cybercriminals shared stolen data from millions of web users, including Gmail accounts, on hacker forums and messaging platforms.
This is a discovery by analysts from cybersecurity firm Synthient, who uncovered 3.5 terabytes of stolen login information being circulated on dark web marketplaces, Telegram channels, and social media sites.
Troy Hunt, founder of the cybersecurity tracking site HaveIBeenPwned.com, said the leaked email addresses and passwords are genuine. Hunt’s team collaborated with Synthient to verify the scale of the breach.
“This event is not a single data breach but rather an aggregation of millions of stolen credentials from infostealer malware. It underscores the importance of avoiding shared credentials and maintaining strong visibility over both personal and business email security,” said Michael Tigges, a senior security operations analyst at Huntress.
“Prevention is the best defence,” Tigges said. “Strong, unique passwords and awareness of download sources go a long way in keeping your data safe.”
Read also: From phishing to deepfakes: Africa faces next generation of cyber threats
The data, described as ‘stealer logs,’ was harvested using malicious software known as infostealers, which secretly record email addresses and passwords stored in browsers, and security experts warn Gmail users and others to check if their credentials have been compromised
Users can find out whether their passwords or email addresses were exposed using the HaveIBeenPwned website, which allows people to check against known data breaches safely. By entering a password into the site’s tool (without needing to provide an email), users can see if it has appeared in any leaks, including this latest trove.
The site also offers a separate checker for email addresses to see if they’ve been part of major breaches.
Cybersecurity experts advise users to change their passwords immediately, starting with their primary email accounts, as access to these can unlock other sensitive accounts like banking or social media. They also recommend enabling multi-factor authentication (MFA) for added protection.
Experts warn against storing passwords in web browsers, since malware can easily extract them. Instead, users are encouraged to use dedicated password managers, which can securely store credentials and alert users if their information appears in future breaches.
Keeping antivirus software updated and downloading only from trusted sources can reduce the risk of infection by infostealer malware. The leak serves as a stark reminder of the growing sophistication of cybercriminals and the importance of maintaining digital hygiene to protect personal and business information online.
