Warning to anyone with a Gmail account as millions of passwords stolen

Gmail users have been urged to check their accounts and change their passwords urgently after an alleged major security breach. A cybersecurity expert says more than 183 million passwords were stolen.

The alleged incident happened in April but has only now been disclosed, reports suggest. Expert Troy Hunt, who revealead the purported data breach, said the incident is not a single breach but a collection of "stealer logs". He said these "expose the credentials you enter into websites you visit then login to".

Speaking to the Daily Mail, he said it was not just Gmail affected, saying "all the major providers have email addresses in there".

He added: "They're from everywhere you could imagine, but Gmail always features heavily."

The alleged incident has been disclosed on Mr Hunt's Have I Been Pwned Website.

People are being encouraged to visit the site and enter their email address in the search bar to see whether they have been affected.

The site is designed to show the user a list of any data breaches over the past decade involving the email address they have provided.

Mr Hunt claimed 3.5 terabytes of data has been exposed in the latest incident, describing it as a "vast corpus" of breached data.

According to the Mail, the expert said it is not only a person's email account password that is at risk.

He also warned unique passwords linked to the email address that they use on other sites could also have been compromised.

Those affected by the reported breach are being urged to change their email password as soon as possible and ensure two-factor authentication is enabled.

A Google spokesperson told the Express: "Reports of a Gmail security "breach" impacting millions of users are entirely inaccurate and incorrect.

"They stem from a misreading of ongoing updates to credential theft databases, known as infostealer activity, whereby attackers employ various tools to harvest credentials versus a single, specific attack aimed at any one person, tool or platform.

"We encourage users to follow best practices to protect themselves from credential theft, such as turning on 2-step verification and adopting passkeys as a stronger and safer alternative to passwords, and resetting passwords when they are exposed in large batches like this."