Security company Tenable has responded to reports about 183 million stolen Gmail passwords, saying Google was not hacked. The leaked data came from old breaches and malware, not from Google’s systems.
Tenable’s Satnam Narang explained that the credentials were collected by infostealer malware. This type of software infects devices and records login details, including Gmail usernames and passwords. The stolen data was then shared with HaveIBeenPwned, a site that tracks data breaches.
According to Troy Hunt, who runs the site, 91% of the leaked credentials were already known. About 16.4 million email addresses were new, but not all may be valid.
Tenable warned that the real danger is password reuse. If people use the same password across different sites, attackers can use stolen credentials to break into accounts. This method is called credential stuffing.
Also Read: These are the 20 most commonly used passwords in the Philippines
To stay safe, Tenable recommends using strong, unique passwords for each account. They also suggest turning on multi-factor authentication (MFA), which adds an extra step to logins. Password managers, tools that store and create secure passwords, can also help.
