Are you using Google for everything online? Here’s why you should check your inboxes now

When Australian cybersecurity experts call a data breach a 'vast corpus' of stolen information, you know it's serious.

Latest information about our online spaces has sent shockwaves throughout the internet.

With this information coming to light, here's how you stay safe online.

About 183 million unique email addresses and passwords have been compromised, with the treasure trove of data dating back to April 2025 but only recently coming to light.

The breach affected about 23 billion records, equating to 3.5 terabytes of stolen data.

However, what makes this breach particularly concerning is that Gmail was one of the largest categories included in the stolen data, affecting millions who use the service for social media, banking and finance, and even government services.

What makes this breach different

Unlike a typical company data breach, where hackers target a single organisation, this incident involves 'stealer logs'-data files collected through malware installed on victims' devices over the past year.

'Stealer logs are more of a firehose of data that's just constantly spewing personal info all over the place,' cybersecurity expert Troy Hunt explained.

'Once the bad guys have your data, it often replicates across numerous channels and platforms,' Hunt, the founder of cybersecurity website Have I Been Pwned, added.

This explanation means the breach doesn't just affect Gmail. Passwords used on platforms like Amazon, eBay, and Netflix may have been exposed if you use the exact login details across multiple sites.

Meet the Australian who's keeping us all safer

Troy Hunt, the Gold Coast-based cybersecurity expert behind Have I Been Pwned, has become something of a digital guardian angel for the internet.

He established the free website after what was, at the time, the largest ever single breach of customer accounts: Adobe.

Since then, his platform has helped millions of people discover if their personal information has been compromised in data breaches.

So... What do I do next?

If your email appears in the breach results, don't panic, but act quickly.

Create a strong new password for your email account and enable two-factor authentication (2FA) - a feature that adds an extra security layer by requiring a verification code sent to your phone.

If you've used the same password on other websites, it's time to change those passwords too.

The password problem plaguing Australian seniors

Information-stealer malware infections have surged by over 40 per cent this year, primarily driven by phishing campaigns and malicious browser extensions.

Many older Australians unknowingly put themselves at risk by reusing the same password across multiple accounts.

This habit turns one breach into a potential disaster affecting all their online services.

This breach proves that even careful users aren't safe when malware targets their devices rather than the services they trust. Your Gmail security is only as strong as your weakest online habit.

Security expert Graham Cluley emphasises the importance of unique passwords: 'You won't be able to remember them by yourself, so use a password manager to do it for you.

'Always enable multi-factor authentication when available for a higher level of protection.'

The silver lining in this digital storm

While this news might seem overwhelming, there's a positive aspect to it.

Hunt's analysis shows that around 92 per cent of the breached passwords had appeared in previous leaks, with eight per cent—or 16.4 million—completely new email account credentials never seen before.

This means that most people already knew their information had been compromised and had hopefully taken steps to secure their accounts.

Looking ahead: better security practices

The frequency of these breaches underscores the need for cybersecurity experts to advocate for password-less authentication methods.

Experts are also calling for broader adoption of passkeys and biometric verification to reduce reliance on vulnerable password databases.

Until such systems become mainstream, users are encouraged to update passwords and use reputable password managers routinely.

Have I Been Pwned was established in 2013, so anyone online can check their information. Image Credit: Have I Been Pwned

The most important thing you can do right now is check if your email appears in this breach.

If you're not affected by the breach, it's worth bookmarking Have I Been Pwned and checking your emails occasionally through the website.

Every time you strengthen your online defences, you're not just protecting your own information—you're making it harder for criminals to succeed and protecting the broader online community.

Have you checked your email address on Have I Been Pwned? What steps are you taking to improve your online security? Share your experiences and tips with fellow community members below—your insights could help keep others safe.