How to check if your Gmail is involved in a data breach

It has been reported that about 183 million Gmail accounts, alongside users’ passwords, were compromised earlier this year.

Website Have I Been Pwned (HIBP) allows users to enter their email address to see if it is in a data breach.

The breach was revealed after the HIPB database added Gmail’s URLs, email addresses, and passwords to its database.

How to avoid scams

Around 183 million Gmail addresses and passwords involved in data breach

As reported by Forbes , Have I Been Pwned (HIPB) database owner Troy Hunt said the Gmail data leaked consisted of both “stealer logs and credential stuffing lists”, including login credentials.

The HIPB website says: “During 2025, Synthient aggregated billions of records of “threat data” from various internet sources.

“The data contained 183 million unique email addresses alongside the websites they were entered into and the passwords used.

“After normalising and deduplicating the data, 183 million unique email addresses remained, each linked to the website where the credentials were captured, and the password used.

“This dataset is now searchable in HIBP by email address, password, domain, and the site on which the credentials were entered.”

New stealer logs: Synthient aggregated billions of threat data records from social media, forums, Tor and Telegram. The stealer log data alone included 183M unique email addresses. 91% were already in @haveibeenpwned. Read more: https://t.co/wGgBEAZ2pr

— Have I Been Pwned (@haveibeenpwned) October 21, 2025

Speaking to Forbes, Mr Hunt said: “The output of the stealer logs concerned consisted primarily of three things: website address, email address and password.

“Someone logging into Gmail ends up with their email address and password captured against Gmail.com, hence the three parts.”

He added that 92 per cent of the data shared with HIBP came from previous breaches, while eight per cent (16.4 million email addresses and passwords) was new.

How to check if your Gmail has been involved in a data breach

The HIPB website can help anyone concerned about their account login security.

The free tool allows internet users to check whether their personal data has been compromised by data breaches.

The website’s name is explained, and originates from the word “pwned”, which originates in video game culture, being derived from the word “owned”, due to the proximity of the “o” and “p” keys.

Should You Charge Your Phone Overnight?

It’s typically used to imply that someone has been controlled or compromised, for example, “I was pwned in the Adobe data breach”.

You can check if your email was involved in a data breach online here.

This can be used for Gmail or users of other sites.

Recommended reading:

If your email appears on the list, it is advised that you change your Gmail password.

Ensure the same password involved during the breach is also not being used on any other accounts.

Newsquest has contacted Google for a statement.