Panic spread on Tuesday after multiple outlets published claims that more than 183 million Gmail accounts had been compromised, but Google said the reports were false and urged users that Gmail remains protected by its defenses.
The claims followed an update to the Have I Been Pwned service in which its creator, Troy Hunt, announced he had added a large dataset of 183 million credentials originally shared with him by Synthient, a platform that gathers and analyses infostealer malware logs.
Google posted on X that the coverage mischaracterised the dataset and that there is no evidence of a targeted Gmail intrusion; the company said the reports were the result of a misunderstanding of infostealer databases and that users remain protected and monitored for suspicious activity.
Security researchers and services say infostealer collections compile credentials from infected browsers, phishing kits and cracked software over time, and often include Gmail addresses because many people reuse them across sites. Such aggregated data can be mistaken for a fresh platform-specific breach when it resurfaces.
Google said it regularly scans for large caches of stolen credentials and prompts affected users to reset passwords when necessary. The company added that it takes action on batches of open credentials to help users resecure accounts.
Troy Hunt expressed frustration at the coverage, saying the headlines risked misleading readers and prioritising page views. Security advice remains unchanged: enable two-step verification, switch to passkeys where available, and update passwords that appear in breach notifications. The reporting did not identify evidence of a new, platform-specific Gmail compromise.