What Happened
In October 2025, a massive 3.5-terabyte dataset named “Synthient Stealer Log Threat Data,” compiled by Synthient LLC from infostealer malware logs (such as RedLine and Vidar) infecting personal devices, was discovered online and added to Have I Been Pwned on October 21, exposing approximately 183 million unique email addresses and plaintext passwords from various services, including tens of millions of Gmail accounts—of which 16.4 million credentials were previously unseen. This was not a direct breach of Google’s systems or Gmail specifically, but an aggregation of credentials stolen via malware, phishing, and other attacks over time, with data collection traced back to around April 2025; Google confirmed no unique Gmail hack occurred and emphasized its defenses remain strong. The leak raises risks of credential stuffing, account takeovers (even bypassing 2FA via stolen cookies/tokens), and phishing, prompting experts like Troy Hunt to urge users to check Have I Been Pwned, change passwords, enable MFA or passkeys, and run Google’s Security Checkup.
