Not concerned, if it were plaintext or decryptable we'd be hearing about it much more loudly.
Use unique passwords, use 2 factor.
this post was submitted on 27 Oct 2025
89 points (95.9% liked)
cybersecurity
5120 readers
49 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 2 years ago
MODERATORS
And use proper passwords. IDEALLY just use a password manage... not LastPass... but LastPass is better than nothing
Bitwarden is a good choice
I just reset mine once a week or so to a 20 character random generated blob.
The good news is that the Google leak didn’t show up when I checked myself on haveibeenpwnd.
The bad news is a bunch of other leaks showed up I did not know about…
This is not a breach of 183 million Gmail account passwords. This is a collection of credentials, largely stolen by infostealer malware and circulating among cyber criminals, which was collected by a security researcher and passed on to Have I Been Pwned. Over 90% of the data has already been seen in previous releases.
Adding the details of website URLs, email addresses and passwords to the Have I Been Pwned database, owner Troy Hunt said the data consisted of both “stealer logs and credential stuffing lists” including confirmed Gmail login credentials.
The “confirmed Gmail login” bit comes from contacting one of the victims at random to verify the data and he confirmed the password was his Gmail password. It doesn’t appear to be a Gmail breach, just the results of credential stealing happened to include some people logging into Gmail.
Edit: Perhaps a more useful link is the original blog post from Have I Been Pwned’s Troy Hunt.
Ooooh, I thought for a moment...