Overview
- Have I Been Pwned reports more than 180 million passwords in a newly publicized compilation of leaked credentials and offers a lookup for users to check exposure.
- Google says Gmail was not hacked and attributes the dataset to credential theft from infected devices collected across the web.
- Users are advised to reset any compromised passwords, switch on 2‑step verification, and adopt passkeys as a more secure sign‑in method.
- A large share of entries include Gmail addresses because of the service’s ubiquity, not because it was specifically targeted.
- Initial headlines suggesting a Gmail breach followed updates highlighted by Troy Hunt, and Google later clarified its guidance in a post on X.