Massive data breach exposes 183 million email passwords, including Gmail accounts
California: A massive data breach has emerged online, compromising millions of email accounts along with their passwords, with a significant number reportedly linked to Gmail users.
The breach, affecting over 183 million records, was recently discovered and added to the Have I Been Pwned (HIBP) database, a widely used platform that allows users to check whether their credentials have been compromised.
According to a report published by India Today, the exposed dataset, called “Synthient Stealer Log Threat Data,” is among the largest email-password leaks reported in recent months.
However, Google’s servers were reportedly not breached. The stolen information reportedly originated from devices infected by malware. The device collected credentials directly from users’ browsers and computers rather than Gmail’s internal systems.
Cybersecurity expert Troy Hunt, who runs HIBP, said the data came from logs created by infostealer malware, malicious programs that silently record login information, browser cookies, and authentication tokens from infected systems. “This wasn’t the result of a single company being hacked,” Hunt noted. “It’s a collection of information stolen from numerous compromised devices across the world.”
With 183 million unique email addresses paired with plaintext passwords, the dataset was uploaded to HIBP on October 21, 2025. Many of these mail ids are associated with Gmail. Analysts say plaintext storage has increased risk, as attackers can immediately use or sell the credentials on dark web marketplaces.
Warning has been issued by security experts that infostealer malware not only steal login credentials but it is also capable of intercepting browser cookies and authentication tokens, which will allow scammers to bypass two-factor authentication in certain cases.
While Google stated that its systems were not breached, it recommended users utilize its Security Checkup tool to identify suspicious devices or third-party apps linked to their accounts.
“Reports of a Gmail security ‘breach’ impacting millions of users are entirely inaccurate and incorrect,” New York Post quoted a Google spokesperson as saying.
“They stem from a misreading of ongoing updates to credential theft databases, known as infostealer activity, whereby attackers employ various tools to harvest credentials versus a single, specific attack aimed at any one person, tool or platform," the spokesperson added.
In a report published by Yahoo News, Michael Tigges, a security analyst at Huntress noted, “The event here is not one of any specific data breach, but instead aggregated and uploaded data from millions of stealer malware log.” He further added that the attack should serve as a warning to anyone who relies on their web browsers to store credentials.
According to security experts from Cyber Insider and Forbes, the main problem is password reuse across many platforms. Experts further added that users make it easy for the attackers to gain access to banking, shopping, or workplace systems associated with the same email address by using the same passwords for several accounts. They recommended users to opt for hardware-based security keys or passkeys instead of SMS verification for stronger protection.
Users can check whether their data was exposed on (https://haveibeenpwned.com/). They are also advised to protect their accounts by immediately changing the passwords, using a unique, strong combination password, and enable two-factor authentication, if they find their credentials at risk.
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
Regulator DGCA eases flight duty norms for pilots amid IndiGo crisis
Mumbai (PTI): Aviation watchdog DGCA on Friday eased the flight duty norms by allowing substitution of leaves with a weekly rest period amid massive operational disruptions at IndiGo, according to sources.
As per the revised Flight Duty Time Limitations (FDTL) norms, "no leave shall be substituted for weekly rest", which means that weekly rest period and leaves are to be treated separately. The clause was part of efforts to address fatigue issues among the pilots.
Citing IndiGo flight disruptions, sources told PTI that the Directorate General of Civil Aviation (DGCA) has decided to withdraw the provision 'no leave shall be substituted for weekly rest' from the FDTL norms.
ALSO READ: 49 Indigo flights likely to be cancelled from Hyderabad
"In view of the ongoing operational disruptions and representations received from various airlines regarding the need to ensure continuity and stability of operations, it has been considered necessary to review the said provision," DGCA said in a communication dated December 5.
The gaps in planning ahead of the implementation of the revised FDTL, the second phase of which came into force from November 1, have resulted in crew shortage at IndiGo and is one of the key reasons for the current disruptions.
#BREAKING: #DGCA relaxes a clause which debarred airlines to club leaves with weekly rest to mitigate #IndiGo crisis
— Economic Times (@EconomicTimes) December 5, 2025
🔴 Catch the day's latest news here ➠ https://t.co/8eVBGnsJUA 🗞️ pic.twitter.com/KUWc8R2Kso
