Mild
It's a mild breach. Just take paracetamol and go for a walk.
Google says reports of a Gmail breach have been greatly exaggerated
Panic spread faster than a phishing email on Tuesday after claims of a massive Gmail breach hit the headlines – but Google says it's all nonsense. The ad giant moved quickly to quash reports that more than 183 million Gmail accounts had been compromised in a "major security breach." The claims, which appeared in numerous …
-
-
-
This post has been deleted by its author
-
-
-
Tuesday 28th October 2025 13:43 GMT heyrick
and update passwords that appear in breach notifications
There really ought to be an option where this thing will email the breached address a list of passwords associated with the address. Because my GMail address is included in this, but the last time I went digging (for an old Yahoo address, many years ago) they had the address and some nonsense password along with it. Also, knowing the password(s) may well uncover the origin of the information. Just saying "your email address turned up on three lists" doesn't really help, it's an address that I use as one of my go-to addresses when I sign up for stuff that needs an email address (and I may have forgotten a few of them [*]). It could have been Google, it could have been dozens of other services...
* - Didn't Deezer get hacked? That may be an origin as I had it free with my mobile phone back circa 2009ish.
-
Wednesday 29th October 2025 08:19 GMT Martin M
Re: and update passwords that appear in breach notifications
This would be a dreadful idea as it would mean that haveibeenpwned would have to have store/email plaintext passwords, which would go against the most basic password security principles. Just because the passwords were compromised by one attacker doesn’t mean they’re not still valuable to others.
Many password managers automatically screen locally stored passwords (through partial hash comparisons) to see if they have turned up in dumps. Use one of those and put the passwords you know about in it, and you’ll be alerted.
If you can recognise which service you used a password for from its plaintext, your password generation approach almost certainly needs - ahem - some work. Go and reset every password for every service you can remember to a randomly generated one, stored in a password manager, ASAP.
-
-
Wednesday 29th October 2025 04:17 GMT Groo The Wanderer - A Canuck
I'll simply point out that every single one of those "major news sources" has a bone to pick with Google for "stealing" their advertising revenue and subscription eyeballs and wallets. No bias there... or reason to inflame a minor "situation" as if it were the end of the world (at least to typical users in the public sphere.)
-
Wednesday 29th October 2025 07:38 GMT Always Right Mostly
Consider the source
When I first saw this "news" my reaction was "Thtat's a puny number of users" given we're talking Google, so straight away filed it as "meh, next". That the news broke on any of The Daily Mail, The Mirror, Forbes, The Independent, and the New York Post basically confirms its bullshit.
Glad to see it debunked.
-
Wednesday 29th October 2025 10:30 GMT Anonymous Coward
As the late Andy Stewart* sang, nothing travels faster than rumour.
*A Scottish singer who was well know to the more senior generations in the UK though his regular appearances on TV's White Heather Club. He was a good singer (albeit not a style that is to everyone's taste) but he made a spoken recording entitled "The Rumour". It's available eon streaming platforms - and to someone who is familiar with the wide variety of Scottish accents and dialects, it's an extremely clever piece of work. To those who think everyone in Scotland sounds like a Weegie (think Russ Abbot), it will either be a revelation or totally pointless.
-
Wednesday 29th October 2025 11:45 GMT frankvw
So what's the big deal?
Another day, another Gmail breach. Nefarious ne'er-do-wells may (and probably will) have gained access to your email. Again.
So what? It's not like Google doesn't scan your email in any case in order to aggregate the results and sell the harvested data to whomever will pay for it!
But wait, you cry, they're not scanning for confidential details such as names, dates of birth, social security numbers, credit card details and what not!
Oh? Aren't they? Maybe they are, and maybe they aren't. Granted, so far there's been no indication that they have. But seeing as they can scan your email for whatever they want, your email isn't safe with Google even if they don't get hacked! All it takes is one untrustworthy employee who needs a side hustle
But whatever the case may be, let's face it: when it comes to ethics, morally sound business practices and putting principles before profits, the Googleplex does't exactly have a stellar track record. So judging them by what they do rather than by what they say, a hack more or less doesn't really move my needle when it comes to trusting Google with my confidential correspondence.
-
Wednesday 29th October 2025 14:25 GMT glennsills@gmail.com
There is no such thing as a free lunch.
If it seems to be free, someone has made it hard to identify the costs. Of course, your privacy is at risk when you use a free email server. Google makes its money by selling your data. People should switch to a paid service like Proton Mail and get security and privacy.
Biting the hand that feeds IT
