"The confusion appears to have started after Have I Been Pwned (HIBP) creator Troy Hunt announced he had added a large dataset of 183 million credentials to the breach notification service. The data was shared with Hunt by Synthient, a threat intelligence platform that collects and analyzes information from infostealer malware logs. As Hunt explained in a blog post, the collection reflects years of infostealer activity rather than a single new compromise - and certainly not a targeted attack on Gmail."
"Infostealer databases, which are continuously aggregated from infected browsers, phishing kits, and cracked software, often contain Gmail addresses simply because so many users reuse them across the internet. When such collections resurface, they're frequently misinterpreted - or sensationalized - as fresh breaches. Google said it regularly scans for large caches of stolen credentials and prompts affected users to reset passwords when necessary."
Reports alleged a massive Gmail breach impacting 183 million accounts, but Google labeled the reports false and attributed them to recycled credentials aggregated by infostealer databases. Have I Been Pwned creator Troy Hunt added a dataset of 183 million credentials to his breach notification service; the dataset was shared by Synthient and reflects years of infostealer malware activity rather than a single new intrusion. Infostealer databases aggregate credentials from infected browsers, phishing kits, and cracked software, often containing Gmail addresses due to reuse. Google regularly scans for caches of stolen credentials and prompts affected users to reset passwords when necessary.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]