The Big Sip

The take: The 183 million Gmail password leak stems from malware infections on individual devices, not a Google server breach.
Users who reused passwords across multiple websites and had malware-infected devices are exposed.
What happened: On 21 October 2025, cybersecurity researcher Troy Hunt added 183 million unique email addresses and passwords to Have I Been Pwned.
The data was compiled from a year of monitoring infostealer malware by college student Benjamin Brundage at Synthient LLC, who tracked credentials stolen from infected devices across Telegram channels, dark web forums, and social media.
Why it matters: Google's servers weren't compromised.
16.4 million people had their credentials added to a breach database for the first time, exposing them to credential-stuffing attacks.
These credentials were stolen from devices infected with malware, often through saved browser passwords and malicious email attachments.
What to watch: Infostealer malware infections surged 800% in the first half of 2025 according to Flashpoint's midyear report, with Synthient's system recording 600 million stolen credentials in a single day at peak activity.
More leaks are likely until users adopt stronger password practices and security measures.
[Report] BleepingComputer confirms Google's response, published 27 October 2025.
Google posted on X that "reports of a Gmail security breach impacting millions of users are false" and explained the compromised accounts stem from "a compilation of credentials stolen by information-stealing malware and other attacks over the years," not from any breach of Gmail's infrastructure.
The problem isn't that Gmail's vulnerable. It's that millions of us treat our passwords like house keys we hide under the doormat.



