Key Takeaways
- Google has confirmed that a massive data leak does, in fact, include millions of Gmail passwords.
- The company noted that turning on 2-factor authentication and passkeys could mitigate the risks.
- The breach is yet another example of huge tech platforms representing valuable targets for cyber criminals in 2025.
It’s time to change your Gmail password, with Google confirming that millions of user credentials were included in a massive data leak.
The state of cybersecurity in 2025 is pretty bleak. Data breaches and leaks have become an unfortunately common part of the business landscape, and user privacy has been the primary casualty.
Fortunately, there are steps you can take to ensure that you and your business don’t suffer the consequences of these attacks.
Google Confirms Massive Leak Includes Gmail Passwords
According to an entry in Have I Been Pwned, a massive data leak, which made 183 million email credentials vulnerable, does include a huge selection of Gmail email addresses and, more importantly, passwords.
The breach, which originated in April 2025, not only includes Gmail credentials, but also a huge data set of other email addresses and passwords, representing a significant threat to online security for millions.
This just in! View
the top business tech deals for 2025 👨💻
This means that hackers will not only have access to Gmail accounts of millions of users, but also the dozens if not hundreds of other services that use Google credentials as a sign on method.
What to Do About Gmail Data Leak
When online platforms are breached like this, users can sometimes panic. Fortunately, there are some clear steps you can take, according to Google, that should mitigate the risks and improve your online privacy.
“This report covers broad infostealer activity that targets many types of web activities. When it comes to email, users can help protect themselves by turning on 2-step verification and adopting passkeys as a simpler and stronger alternative to passwords.” – Google spokesperson to Forbes
In addition to 2-factor authentication and passkeys, Google also recommends using its password checkup feature in the Chrome password manager, which can check if your password is compromised, as well as its overall password health and strength.
Big Tech and Cybersecurity in 2025
It’s no secret that big tech has been struggling in the fight against cybercrime over the last few years. This data leak of email credentials that impacted Google is barely the tip of the iceberg, with attacks becoming more and more common across the industry.
In fact, in just the last month, massive breaches of cybersecurity firm F5 and America Airline subsidiary Envoy Air have exposed the user data of millions, exposing them to potentially dire consequences.
Suffice to say, the business world has a serious security problem, and if they can’t find a way to curb these hackers in a major way, customers are going to start paying the price.
