Hackers gathered a huge haul: 183 million sets of email addresses + passwords, including tens of millions tied to Gmail accounts.
The breach wasn’t from Google being hacked. Instead, malware called “infostealers” grabbed login info from infected devices and sold it online.
About 16.4 million of the exposed credentials were ones never seen before in earlier leaks.
Because many people reuse passwords across sites, this leak puts any of your accounts at risk—even ones you didn’t think were connected.
What you should do right now:
Visit a site like Have I Been Pwned, and check if your email shows up in breaches.
Change your password for your email and any other site where you used the same or a similar password.
Turn on two-factor authentication (2FA) everywhere possible.
Use unique passwords (or better: a password manager) so if one account gets compromised, others stay safe.
Make sure your computer or device is free of malware (infostealers often live there). Don’t download sketchy browser extensions or software.