How to check if your Gmail password has been hacked as millions of accounts breached

With millions of Gmail accounts having been breached, you may be wondering how to check if your own email has been hacked.

And to be honest, if you haven’t been, you probably should check.

That’s because it has come to light that around 183 million Gmail accounts have been compromised as a result of a huge data breach. Earlier this year, users’ passwords were revealed with stolen data said to feed into a mega 3.5 terabyte database with around 23 billion records.

So that means it can be a big concern for those who use Gmail, especially given that the email login can span across various platforms on Google, from cloud storage and documents to other personal credentials like online banking.

While the first port of call now should be changing your password, tech security experts have plenty of advice.

Millions were compromised. (CFOTO/Future Publishing via Getty Images)

The Gmail breach

Reported by Forbes Business, there are all those billions of records, with the majority of information coming from the Synthient threat-intelligence project. That was the year-long project following the activities of infostealers, with data aggregated from the likes of forums, social media and the dark web.

This mega breach was revealed after the website URLs, email addresses and passwords were added to the Have I been Pwned (HIBP) database, with the website owner, Troy Hunt, saying the stolen data included ‘stealer logs and credential stuffing lists’.

He claimed 92 percent of the data shared with his site came from previous breaches, while eight percent (about 16.4 million email addresses and passwords) was new.

And among all that data, Gmail was one of the largest subgroups in which accounts were directly compromised.

Google has issued advice (stockcam/Getty stock photo)

Official advice from Google

A spokesperson for Google told Forbes: "This report covers broad infostealer activity that targets many types of web activities.

"When it comes to email, users can help protect themselves by turning on two-step verification and adopting passkeys as a simpler and stronger alternative to passwords."

It also said that those who believe they may have had their account compromised should sign in and check their activity immediately. But if they are unable to gain access, go to the account recovery page for help.

Also, on Google's Help Centre, users should be able to check if any passwords have been compromised using the password checkup on the Google Password Manager.

"We’ll ask you to change your Google Account password if it might be unsafe, even if you don’t use Password Checkup," the tech company added.

"Additionally, to help users, we have a process for resetting passwords when we come across large credential dumps such as this."

Security experts have shared advice. (Getty Stock Image)

How to check if your email has been hacked and how to recover it

Not just limited to Gmail, security experts at McAfee have shared the signs that your email account has been hacked.

First up, somewhat obvious, is that you simply can’t log into your account. Your password may be rejected as a result of the hacker logging in and changing it.

Or, you might get a message from one of your contacts asking if you ‘really sent’ an email. That might include the likes of something that is spam being sent from your email address.

Similar to the advice from Google, the experts say ‘regaining control’ of your email quickly is crucial.

It advises using the provider’s recovery service, like Google’s email recovery page in that breach’s case. So, make sure when you set up those security questions and alternate contact info you actually remember them.

Users can also use HIBP to check if their account has been breached by searching with their email here.

Again, it’s vital to change your password to something strong and unique without reusing one from another account. The experts then also advise updating passwords for other accounts if you use the same or similar passwords.

It’s also recommended to enable two-factor authentication, check on your other accounts for unusual activity and reach out to your email contacts to let them know your email was compromised.

“Your email account is one of the several pieces that make up the big picture of your online identity,” McAfee says.

LADbible contacted Google for additional comment.