Google denies widespread Gmail password reset warnings

1 unique source, 2 articles

Summary

Google has refuted false claims of a massive data breach affecting Gmail accounts, stating that the compromised credentials were from various sources, not a single breach. The false claims originated from a misunderstanding of infostealer databases and were amplified by the addition of 183 million compromised credentials to Have I Been Pwned (HIBP). Google's security defenses remain robust, and the company advises users to use passkeys to enhance account security. The company had previously refuted similar false claims about a data breach affecting 2.5 billion Gmail accounts.

Timeline

  1. 02.09.2025 17:57 2 articles · 1mo ago

    Google denies widespread Gmail password reset warnings

    Google refuted claims that it issued an urgent warning to all Gmail users to reset their passwords due to a data breach. The false claims originated from a misunderstanding of infostealer databases, which compile various credential theft activities across the web. The compromised credentials were from various sources, including information-stealing malware and other attacks, and not from a single breach. Google's security defenses remain robust, and the company advises users to use passkeys to enhance account security. The false claims were amplified by the addition of 183 million compromised credentials to Have I Been Pwned (HIBP). Google had previously refuted similar false claims about a data breach affecting 2.5 billion Gmail accounts.

Similar Happenings

Phishing Campaign Targets LastPass Users with Fake Death Claims

A phishing campaign is targeting LastPass users with fake death claims to gain access to their password vaults. The campaign, attributed to the financially motivated threat group CryptoChameleon (UNC5356), began in mid-October 2025. The attackers use phishing emails and fake websites to trick users into revealing their master passwords and passkeys. The phishing emails claim that a family member has requested access to the user's LastPass vault by uploading a death certificate. The emails include an agent ID number and a link to a fraudulent page where users are prompted to enter their credentials. In some cases, the attackers also call victims, posing as LastPass staff, to direct them to the phishing site. The campaign is more extensive and enhanced compared to a previous one in April 2024, now also targeting passkeys.

Credential Stuffing Attacks Target DraftKings User Accounts

DraftKings has notified customers of account breaches resulting from credential stuffing attacks. Attackers used stolen login credentials from other services to access user accounts, potentially viewing personal and financial information. The company has mandated password resets and multifactor authentication for affected accounts. The attacks did not compromise sensitive data such as government-issued identification numbers or full financial account numbers. DraftKings has advised customers to take additional security measures to protect their accounts and personal information.

VoidProxy phishing service targets Microsoft 365, Google accounts

A new phishing-as-a-service (PhaaS) platform, VoidProxy, targets Microsoft 365 and Google accounts, including those protected by third-party single sign-on (SSO) providers like Okta. The platform uses adversary-in-the-middle (AitM) tactics to steal credentials, multi-factor authentication (MFA) codes, and session cookies in real time. The attack begins with emails from compromised accounts at email service providers, which include shortened links redirecting recipients to phishing sites. The phishing sites are hosted on disposable low-cost domains and protected by Cloudflare to hide their real IPs. VoidProxy's attack flow involves serving a Cloudflare CAPTCHA challenge, filtering traffic, and presenting phishing pages that mimic Microsoft or Google login screens. Federated accounts using Okta for SSO are redirected to a second-stage phishing page impersonating Microsoft 365 or Google SSO flows. The service's proxy server captures usernames, passwords, and MFA codes in transit, and intercepts session cookies for attackers. Okta Threat Intelligence researchers discovered the platform and noted that users with phishing-resistant authentication methods such as Okta FastPass were protected from these attacks.

Active Government and Law Enforcement Email Accounts Sold on Dark Web

Criminals are selling active government and law enforcement email accounts on the Dark Web for as little as $40 per account. These accounts, from users in the US, UK, India, Brazil, and Germany, are being actively exploited to bypass security measures and commit fraud. The compromised accounts provide access to government-only services and can be used to send emails and impersonate officials, increasing the likelihood of successful phishing and social engineering attacks. The accounts are compromised through methods such as credential stuffing, infostealer malware, phishing, and social engineering. Once purchased, buyers receive full access to the inbox and associated services. This trend represents a shift in cybercriminal strategy, focusing on active accounts to enhance the credibility and effectiveness of their attacks.

Credential Leaks Surge 160% in 2025

Leaked credentials accounted for 22% of breaches in 2024, a trend that continued into 2025 with a 160% increase. Cyberint, now part of Check Point, reports that leaked credentials are increasingly used for account takeovers, credential stuffing, spam distribution, and extortion. The surge in leaked credentials is driven by automation and accessibility, with infostealer malware and AI-generated phishing campaigns facilitating credential theft. Organizations face significant risks from these leaks, which often go undetected for extended periods. Cyberint's threat detection systems, combined with human analysis, provide a comprehensive approach to identifying and mitigating credential leaks before they are actively exploited.