
Google Refutes Breach Affecting 183M Emails And Windows Faces Vulnerabilities
Updated on Tue, Oct 28, 2025
Stealer logs are created by bad actors using infostealer malware, which runs on infected machines and captures credentials entered on websites. The logs primarily contain data such as website addresses, email addresses, and passwords.
HIBP got the data from Benjamin Brundage, a college student who worked as an analyst at Synthient. The collection came from a wide range of sources, including Telegram, the Tor network, forums, and social media sites.
In the end, the collection’s size surpassed 3.5 terabytes, with the largest file being 2.6 terabytes. In total, it spanned 23 billion rows.
However, as per HIBP, 91% of the data had previously been seen in results on its website. The remaining 9% consisted of previously unseen addresses, meaning that 16.4 million emails were new to the website’s database: they had not appeared in earlier stealer logs or in any other data breach.
HIBP even took steps to determine the legitimacy of the breach by contacting several of its subscribers to verify. One of the respondents said, “Yes I can confirm that was an accurate password on my Gmail account a few months ago,” while another one said, “They all look like websites I have used and some still do use.”
HIBP reported that the incident occurred in April and has only just been disclosed, and Synthient’s report said the company began monitoring several platforms “close to a year ago.”
While the breached data includes login data of users from Yahoo, Outlook, and hundreds of other web services, news reports sensationalized the development by highlighting one company, for the most part—Google.
Across the internet and social media (as well as our headline), word spread that Google’s Gmail users were at risk because the passwords (and other data) of 183 accounts had been leaked. Others claimed the number was in the millions.
However, HIBP’s Troy Hunt also said in his blog post that a lot of this data could come from previous breaches, going back years. Furthermore, the breach doesn't involve a hack on Google or Gmail, but rather devices on which the infostealer malware was deployed.
The widespread chaos caused Google to issue an announcement saying it didn’t face any breaches.
“Reports of a ‘Gmail security breach impacting millions of users’ are false. Gmail’s defenses are strong, and users remain protected,” said Google through a post published on X. The post consisted of a thread that further explained where the claims came from and how users can safeguard themselves from ill effects.
“The inaccurate reports are stemming from a misunderstanding of infostealer databases, which routinely compile various credential theft activity occurring across the web. It’s not reflective of a new attack aimed at any one person, tool, or platform,” added Google.
Amid all this, Microsoft found itself at the center of yet another cybersecurity risk.
As per reports, governments and private security firms have found that bad actors are exploiting a critical bug in Microsoft Windows Server Update Services (WSUS) soon after the company deployed an emergency patch for the remote code execution (RCE) vulnerability.
Tracked as CVE-2025-59287 (CVE stands for “Common Vulnerabilities and Exposures”), this vulnerability is under active exploitation. Microsoft designates its severity as “critical” but also says that the vulnerability isn’t publicly disclosed and is not exploited.
However, security experts and companies have a different story to tell.
The tech giant initially pushed a fix for CVE-2025-59287 on October's Patch Tuesday, but that fix failed to fully patch the vulnerability, leading to an emergency update. Within just hours, incident responders and threat researchers observed active exploitation.
“We are seeing about 100,000 hits for exploitation of this bug within the last seven days based on our telemetry,” said Dustin Childs, Trend Micro's Zero Day Initiative head of threat awareness, adding, “Our scans show that there are just under 500,000 internet facing servers with the WSUS service enabled. Due to the nature of the bug, we expect just about every affected server to be hit at some point.”
Childs also said that the attacks weren’t region-specific and are expected to grow unless a fix is deployed.
Google Threat Intelligence Group (GTIG) also confirmed active exploitation, saying, “We are actively investigating the exploitation of CVE-2025-59287 by a newly identified threat actor we are tracking as UNC6512, across multiple victim organizations.”
GTIG also noted that the bad actor has scouted the environments of compromised servers and the hosts they’re connected to, and observed that some impacted hosts had data extracted.
Do you think these cybersecurity issues will affect more individuals and businesses and end up becoming an expensive blunder?
First published on Tue, Oct 28, 2025