183 million email accounts breached. How to check yours.
 |
| Credit: Getty Images / Just_Super |
A new email breach was recently revealed, and the number of affected accounts is pretty staggering. Some 183 million email accounts were reportedly compromised.
The breach was revealed by Have I Been Pwned, which notes it includes both email addresses and corresponding passwords. The breach occurred in April and was added to Have I Been Pwned this week. The email addresses and passwords were apparently stolen via malware.
While your email being breached might not necessarily mean you're going to be the victim of an attack of some kind, it's probably best to know if you were breached. Luckily enough, checking is pretty simple.
How to check if your email has been hacked
Simply enough, you can check on Have I Been Pwned, where the breach info was posted. They have a search page, where you just enter your email address and see if you've been hacked aka Pwned.
So, what do you do if your password has been breached? It's simple enough: Change your password and potentially enable two-factor authentication. When it doubt, it's best to be safe.
Topics Cybersecurity Privacy
be informed and act accordingly...
ReplyDeleteOkay let me make this clear. It definitely wasn’t 183 million. It’s a lot less they say this sort of stuff so it makes people panic read articles and all that sort of stuff.
ReplyDeleteOf course this happened
ReplyDeleteFull video link🎥
ReplyDeletehttps://www.facebook.com/share/r/1ELYKNJtTA/
Write your email address and your current password and i check it for you (I work in IT). If breached you'll need to change it by yourself though
ReplyDelete Don’t panic. It definitely wasn’t 183 million accounts breached. This is common for articles like this for them to exaggerate because it equals clicks and that’s how they make money
ReplyDeleteAnother advert disguised as a news story. Input your email, and it will be sold repeatedly.
ReplyDeleteConsider learning about Troy Hunt and HIBP and realize that not everyone is an evil capitalist.
DeleteIt’s funny because the email address I use exclusively for porn has never been compromised.
ReplyDeleteCursed unholy protection.
DeleteAnd for God's sake do not go checking if your email is compromised by entering the email and password into some random checker!!
ReplyDeletehaveibeenpwned is a reputable source for checking.
DeleteThis comment has been removed by a blog administrator.
DeleteBut until then, it is
DeleteThe checker would be super simple to code though. Just store the credentials and return “Yes” to everyone who submits lol
DeleteYou can calculate the hash locally and send that to haveibeenpwned's API
DeleteThis is why you have multiple email addresses for different things.
ReplyDeleteI guess as long as MFA enabled then fuck it, every password will eventually get hacked within the month.
ReplyDeleteI'm in 17 breaches dating back to 2005, half being different hacked cryptocurrency services. No wonder I get a million spams, often crypto related. No account ever hacked though, but I also have 2FA and security keys on everything possible.
ReplyDeleteMy primary email has been part of 31 breaches. 31 times.
ReplyDeleteWill only get worse with digital ID
ReplyDeleteSays I have 19 breaches. Not sure how legit some of them are, as there are several breaches that seemingly contain my email but are for services I have never signed up for.
ReplyDeleteThere are a couple that I know are legit, but are from several years ago, and I've since changed my passwords for those services.
Proceeds to use sketch search engine to see if my credentials were compromised. Finds out I just compromised myself
ReplyDelete22 times... My favourite one is from PSP ISO in 2015. Good times.
ReplyDeleteI'm actually surprised to have 0... I had to double check I typed it correctly lol.
ReplyDeleteDoes it really matter? If my info is all out there since 2015, at this point, does any action on my part really make a difference in reducing potential fraud?
ReplyDeleteOh no… all of my carefully organized spam!
ReplyDeleteThat’s why i use one email address per account. I have 200+ email addresses and counting. Try to compromise that
ReplyDeleteI've been working on this. I at least have different passwords and 2fa on each account
DeleteThis comment has been removed by a blog administrator.
DeleteThere is this sweet website, you just need to enter your email address to see if you've been affected.....
ReplyDeleteDoes anyone care anymore? Every week some company announces they have a breach.
ReplyDeleteHad an password that was pretty much unbreakable at 6 characters. It is used Alt Codes which is not on your standard code breaker at the time. Eventually I had to change it because of a system update that never allowed alt codes.
ReplyDeleteMine is listed but the recs are to change my password for a service or website that I’ve never heard of…
ReplyDeletePossibly something like you signed up to Tims Tool site, that's owned by Harry's hardware, hosted on Williams websites. You don't know anything about Harry or William, but one of them has been lax with security or hacked, and they are the one mentioned.
DeleteThis comment has been removed by a blog administrator.
ReplyDeleteNice, 15 breaches for my main email. Thankfully my password is 20 characters, but I'm about to change it again.
ReplyDeletehaveibeenpwned says I have 4 breaches a few years ago, but recently I found out some of my accounts have been breached as recently as a few months ago. How often does the site update?
ReplyDeleteAs often as they get new data dumps.
DeleteA recommendation for those that might not consider it: Have tiered e-mail accounts for different stuff you sign up for.
ReplyDeleteThat way if something gets compromised, it might not be tied to professional / personal details.
not mine being leaked from wattpad 😂
ReplyDeleteDoes this matter if you have 2 step authentication?
ReplyDeleteI worry when my account has been compromised when the number of compromised accounts is under 10,000. When it's 183 million they're gonna be sifting through that for a little while.
ReplyDeleteI was pwned 30 times on my oldest account, 0 times on my 2 newer accounts since I've been using generated passwords.
ReplyDeleteMany are old/weak passwords.
Pretty much all my important accounts have 2FA linked to my phone, so no big deal.
The link says I've been breached 3 times. What to do is a complete mystery. What are people supposed to do?
ReplyDeleteChange your password and add MFA.
Delete12 data breaches 😎 since 2012.
ReplyDeleteThey can have my old gpotato account 🤷🏻
ReplyDeleteI use proton pass. Every site has a unique email and password. I don’t give out the main email address. 2FA where needed. Best I can do.
ReplyDeleteAs usual, most of this stolen data is "recycled" from previous lists. Only 9% is new to Have I Been Pwned.
ReplyDeleteTroy Hunt says "the final number once the entire data set was loaded into HIBP was 91% pre-existing, with 16.4M previously unseen addresses in any data breach, not just stealer logs."
Admittedly, 16.4M is a lot, but not nearly as clickbaity as the big headline number.
Can't read the article while using a VPN, boo.
ReplyDeleteHere you go: https://archive.ph/ZAwD7
DeleteThanks. But that doesn't load through VPN either (only tried once). Other sites are working fine through VPN. Strange.
Delete
ReplyDeleteGmail users have been urged to check their accounts, after it was revealed that more than 183 million passwords were stolen in a data breach.
Australian cyber expert Troy Hunt has disclosed the incident, which has compromised email addresses and their passwords.
He called it a 'vast corpus' of breached data, which totals 3.5 terrabytes.
To put that into perspective, that's the equivalent to 875 full-length HD movies.
Thanks for the post and heads up 😁🙏🏽👍🏽.
ReplyDeleteI hate giving out my email address all over the place, so I have started using one time emails from https://onetimemail.com.au . I use it when I want to sign up for trial versions or even online shopping when I know it is unlikely I will need to return. There are a few sites like that out there, but I like onetimemail cause it has no ads and is pretty easy to use.
ReplyDeleteBoth me and my partner have had emails for unrecognised device login for Facebook and instagram in the last 1hr
ReplyDeleteIts worth noting that this isn't a databreach. This is a third party who has collected and normalized the data from previous data breaches. If you are the type of person to be checking haveibeenpwned for your details after a breach, chances are nothing has changed. They arent scraping hacker forums and getting brand new information without paying for it.
ReplyDeleteWell it is true, it's not a new breach, but they added an additional 180mil email accounts which have been found most recently. So they are unique ones, that weren't in the system before, so it's always worth checking if your email was not found there in the past, just in case.
DeleteThats not what it says at all. The 180 million figure is from synthient- thats the total amount of unique emails in the database.
DeleteThat doesnt mean they arent in haveibeenpwneds database from previous dumps - it just means they removed the duplicates. So if they got your email from 2 seperate places they only keep 1 record of it.
good reminder to check haveibeenpwned. changing passwords and enabling MFA is critical
ReplyDeleteone thing worth mentioning once your email gets leaked, it usually ends up on data broker sites too. spammers buy these lists and your email gets tied to your phone, address, all that stuff
we built crabclear to handle the data broker side of this. after a breach your info spreads to like 1500+ brokers who resell it. most people don't realize how far it goes beyond just the initial leak
so yeah definitely do the password/MFA stuff but also worth cleaning up what brokers already have on you
I constantly send GDPR deletion requests with AgainstData. I think being proactive is better than being reactive.
ReplyDeleteGoogle does not normally keep your google account password as readable text. they store secure hashes or encrypted blobs, which is the industry standard.
ReplyDeleteIt is unlikely to impossible for such a leak to materialize
From what I can understand Google hasn't been breached, but credentials were harvested from many infostealers/ malware. Many of them are Google accounts, I assume since it is one of the most popular email providers
DeleteThis means that it isn't just Google passwords at risk, and people using other providers should also be cautious
But isn't it also possible to crack the hash, if the password is at minimum length? I have understood it's not impossible.
DeleteClickbait, Its not a leak or breach, and it is not new either. IDK why this is doing the rounds again on forbes and other "news" sources. This is a dump of compromised passwords that has been combined from lots of sources collected by malware keyloggers and fake login sites/infostealers.
ReplyDeleteAs always do not use the same password for multiple sites. Use Google's password checking tools that cross reference your saved passwords to known dumps and/or use haveibeenpwned and change passwords as necessary. Also use 2FA for sensitive stuff.
1. At least for tech reporting, Forbes has descended to the level of click bait.
ReplyDelete2. The Salesforce hack involved here exfiltrated data about some companies that buy Google ads.
3. No consumer data was lost. Your Gmail is safe.
It's a serious breach, but it is not about individual Google accounts.
https://arstechnica.com/information-technology/2025/08/google-sales-data-breached-in-the-same-scam-it-discovered/
https://travisasm.com/blog/our-blog-1/google-salesforce-hack-august-2025-what-really-happened-how-businesses-can-stay-safe-135
https://www.axios.com/2025/08/06/google-shinyhunters-salesforce-data-breach
link to the news source please.
ReplyDeleteis Google storing passwords as text ? i thought they only keep the hash.
this was many months ago https://www.forbes.com/sites/daveywinder/2025/10/27/gmail-passwords-confirmed-as-part-of-183-million-account-data-breach/
DeleteAs far as I know, the Google servers were not compromised as such, apparently the data was stolen with infostealer-type malware, in any case it is advisable to change the password and as long as you can activate 2fa
ReplyDeleteYou are late to the party on this one. That happened in May of this year.
ReplyDeleteSource?
ReplyDeletehttps://www.forbes.com/sites/daveywinder/2025/10/27/gmail-passwords-confirmed-as-part-of-183-million-account-data-breach/
DeleteHow can I check if my account is affected?
ReplyDeleteIf you have any concerns, just change your password. IMO your time would be better spent making sure all your passwords are long, random, and unique; that you have 2FA turned on everywhere you can; that you have current recovery options set; and that you can recover your password manager and authenticator apps if you're ever locked out. (If you've already done all of that - yay!)
DeleteSource?
ReplyDeleteBeware of clickbait. This was (several months ago) much hyped in clickbait media. It was nothing more than a rerelease of previous breaches; nothing new whatsoever. It also had nothing to do with Google. Sure, many of the breached data happened to include some Google usernames (i.e. Gmail addresses), but it didn't include their passwords.
ReplyDeleteThis is a non-event that, for some reason, keeps coming back to haunt this forum.
There was actually a new aggregated database of creds created and reported on by legitimate researchers (with mostly old data), but it triggered a new round of clickbait articles from the usual suspects.
Deletehttps://www.troyhunt.com/inside-the-synthient-threat-data/
Agreeing with you, just pointing out why it’s making the rounds again.
Thank you
Deletethis was in MAY .................
ReplyDeleteI knew I remembered seeing something about an absurd number of passwords getting leaked. I just couldn't remember when it happened.
DeleteLink?
ReplyDeletein the comments a few times already
Delete😳
ReplyDeleteTurn on passkey
ReplyDelete