What to do if your Gmail password has been hacked as millions of accounts breached

Here is everything you can do to secure your Gmail account following the news of yesterday's data hack.

An investigation into a data breach earlier this year revealed that information linked to 183 million Gmail accounts had been compromised back in April 2025.

Alarm bells were raised about the number of accounts impacted after information, including email addresses, passwords, and URLs, was added to the Have I Been Pwned (HIBP) database, which allows people to check whether their information has been compromised.

According to Troy Hunt, owner of HIBP, a 3.5 terabyte database containing around 23 billion records was uploaded to the website on 21 October.

He added that 92 per cent of the data shared with his site came from previous breaches, while eight per cent (about 16.4 million email addresses and passwords) was new.

Gmail is believed to be one of the main targets of the new data.

It was revealed that 23 billion records may have been compromised in the leak (CFOTO/Future Publishing via Getty Images)

How to check if your Gmail account has been compromised

Concerned that your personal details may have been compromised? Here is what to do.

The first thing to do is log in to your account. If you're unable to, it may be because hackers have been able to change the password. It's also worth asking your contacts if they've received any unusual emails from your account.

Users who are concerned about their personal data being included in the leak can check the security of their email by checking it against the HIBP database here.

Google also has advice on how to recover your Gmail account here.

How to secure your Gmail account

If your account has been compromised in the data leak, the following steps are recommended:

• Change your password immediately. According to International Business Times, only 36 per cent of users regularly update their passwords
• Run a Google Security Checkup on your account to check for any further breaches
• Enable two-factor authentication (2FA) on your account
• Create a Google Passkey, which can be a PIN number, fingerprint or face identification.

Concerned your account is vulnerable? Here is what to do (Getty Stock Images)

What has Google said about the data breach?

Following the investigation, Google provided the following statement to Forbes, urging people to check their account activity and take advantage of additional security measures.

"This report covers broad infostealer activity that targets many types of web activities," the statement read.

"When it comes to email, users can help protect themselves by turning on two-step verification and adopting passkeys as a simpler and stronger alternative to passwords.

"We’ll ask you to change your Google Account password if it might be unsafe, even if you don’t use Password Checkup," the tech company added.

"Additionally, to help users, we have a process for resetting passwords when we come across large credential dumps such as this."

LADbible previously contacted Google for additional comment.