183 million emails exposed in massive global leak

Google denies any Gmail security breach, calling claims false and based on a misunderstanding of stolen data
An undated image. — Gmail

A massive leak of more than 183 million email addresses and passwords appeared online on Tuesday, affecting users globally, including many from Pakistan. It has been added to the “Have I Been Pwned” (HIBP) website, which is a breach-tracking service for checking if personal information has been compromised.

The leak was confirmed on October 21 by HIBP owner Troy Hunt and originated from so-called "infostealer" malware, a type of malicious software that surreptitiously gathers login credentials from infected computers.

The stolen email addresses and passwords included login credentials for major services like Gmail, Outlook and Yahoo Mail.

The 3.5-terabyte database came from the cybersecurity company Synthient and consists of "stealer logs" tracking three essential pieces of information: website URLs, email addresses, and passwords.

Hunt stated that it would be straightforward for hackers to use those logs to access victims' email accounts or anything else related to them.

Early analysis suggests that 92% of the credentials are from previous breaches, and 8% of them — around 16.4 million new email addresses — have not been linked to previous breaches at any time.

It has been verified that the information is legitimate since an HIBP subscriber was able to confirm that their stolen Gmail password was accurate.

Reportedly, Google insisted that there has been no breach of Gmail security. "Gmail's defences are strong, and users are protected," the company stated, saying that the claims about a security breach of Gmail are "false" and based on "a misunderstanding of infostealer databases."

How to stay safe from hackers?

Security professionals are urging users, both in Pakistan and around the world, to remain alert. Google recommends that users check if their email appears in the leak (via the free HIBP tool), enable two-factor authentication, switch to passkeys and change their password immediately if they believe their account is compromised.