In a dramatic escalation of cyber threats on 26 October 2025, Forbes revealed that Gmail passwords are confirmed within a colossal 183 million account data breach from April 2025, exposing users to immediate phishing risks and unauthorised access. This password breach imperils 2.5 billion Gmail users worldwide, as compromised credentials fuel ‘successful intrusions’ by hackers exploiting outdated security practices.
With only 36 per cent of individuals ‘regularly update passwords’, the urgency to change password, enable two-factor authentication (2FA), and adopt passkeys has never been greater amid this Google security alert and rising data leak concerns.
The 2025 Gmail Data Leak Exposed: What Really Happened?
Cybersecurity alarms rang loud when researchers verified ‘184,162,718 passwords and logins‘ in a breach first detected in April 2025, with Gmail credentials explicitly captured. This incident, involving ‘183 million passwords and login credentials’, surfaced anew on 21 October 2025 as part of a 3.5 terabyte dump containing 23 billion rows of data, including website addresses, email addresses, and passwords.
Expert Scott Hunt explained, ‘Someone logging into Gmail ends up with their email address and password captured against gmail.com’. Alarmingly, eight per cent of these—over 14 million—are fresh credentials, encompassing 16.4 million previously unseen email addresses from ALIEN TXTBASE stealer logs.
A related August 2025 Salesforce database compromise leaked customer names but ‘not passwords’, yet it ignited scammers impersonating Google staff via emails and calls. X user Mario Nawfal warned, ‘2.5 BILLION GMAIL USERS AT RISK AFTER GOOGLE BREACH’, highlighting hackers tricking employees and the ShinyHunters group’s role.
🚨 2.5 BILLION GMAIL USERS AT RISK AFTER GOOGLE BREACH
Hackers tricked a Google employee and accessed sensitive data via Salesforce, a cloud platform used to manage Gmail accounts.
The group behind it, ShinyHunters, stole company names and customer contact info – now being used… https://t.co/tm8ahu6xM8 pic.twitter.com/Uj8neYtViG
— Mario Nawfal (@MarioNawfal) August 25, 2025
Ninety-two per cent of credentials were recycled from prior leaks, but the novelty amplifies the phishing peril in this cybersecurity crisis.
Essential Immediate Action: Change Your Gmail Password Now
Google has issued an urgent warning to more than 2.5 billion Gmail users after a breach connected to a Salesforce cloud system exposed account information, urging users to ‘change their Gmail password immediately’. This follows the ShinyHunters hacking group’s voice phishing attacks on corporate Salesforce instances in August 2025, where attackers deceived employees into granting access to basic business data like contact details.
Start by running a Google Security Checkup to spot suspicious activity, then navigate to your account settings on a trusted device to create a robust password—minimum 12 characters blending uppercase, lowercase, numbers, and symbols. Revoke any unfamiliar sessions via the security dashboard, directly countering risks from the 183 million credential leak.
Check for exposure on sites like Have I Been Pwned, targeting the April 2025 incident’s Gmail logins. As scammers impersonate Google staff to pressure password resets over calls, stay vigilant against such tactics. These prompt measures thwart credential theft by groups like UNC6040, restoring your account’s integrity swiftly.
Building Phishing-Proof Defences: Enable 2FA and Passkeys
Fortify your defences by enabling two-factor authentication or passkeys for stronger login security, as recommended amid the phishing surge from the Salesforce-linked breach. Google’s blog emphasises that ‘MFA is an essential, effective tool to enhance protection against unauthorised account access’, blocking 99 per cent of automated attacks targeting Gmail.
Configure 2FA using authenticator apps rather than SMS for resilient verification, then activate passkeys—device-tied biometrics—for phishing-resistant, password-free access. Following the August 2025 incident, fraudsters have escalated vishing tactics, posing as support staff to extract credentials via fake resets.
Be wary of unsolicited communications demanding urgent action, a hallmark of UNC6040’s extortion playbook. With low adoption leaving millions exposed, these upgrades—passkeys replacing traditional logins—deliver lasting safeguards against the 2025 leak’s ongoing threats.
Originally published on IBTimes UK
