No, 183 Million Gmail Accounts Weren’t Hacked - Here’s What Really Happened

A dataset of 183 million email-and-password pairs that appeared this week on a breach-notification platform has drawn wide attention, but security researchers say it mostly repackages credentials already circulating in older infostealer logs rather than revealing a new hack.

The entry, listed on October 21 under the name Synthient Stealer Log Threat Data, was built from billions of records gathered across malware repositories and underground forums before being merged and deduplicated into 183 million unique accounts. A technical analysis found that more than 90 percent of the addresses had already appeared in previous leaks, leaving about 16 million that were new to the database, according to a post explaining the dataset.

Many of the entries reference Gmail addresses, but Google said its own systems were not compromised. The credentials were collected from infected devices running information-stealing malware that captured usernames and passwords as users logged in to various sites, not from any breach of Google’s infrastructure. The collection was later aggregated and made searchable on the breach-notification site, as described in a follow-up analysis.

Despite the recycled nature of the data, analysts warn that it can still fuel credential-stuffing and account-takeover attacks, particularly where users reuse passwords. The indexing of the dataset makes it easier for individuals to check whether their email addresses appear in the logs and reset compromised credentials, a fact highlighted by security researchers.

Experts describe the hype around the “183 million” figure as disproportionate to the actual risk. The incident underscores how stolen credentials are continuously recycled and rediscovered, serving as a reminder that strong, unique passwords and multi-factor authentication remain the best defenses against account compromise.