Gmail has not suffered a massive 183 million passwords breach - but you should still look after your data

-

 

Infostealer malware and the facts about October 2025's "gmail" databreach


"Gmail" + "databreach" + "passwords"!

Sounds scary right?

The truth is your Google Workspace accounts are and remain secure. It's all your other web logins to 3rd party websites that may be at risk.


The news says danger-danger-danger?

Here are the facts:

  • Gmail says it has not suffered a massive data breach, despite claims
  • Reported 183 million passwords figure is primarily compiled from previously compromised credentials stolen from users' PCs and apps, as well as non-Google webservers
  • 3rd party websites (non-Google authentication) where you've used your Google email address as the login ID is where the risk is

"The inaccurate reports are stemming from a misunderstanding of infostealer databases, which routinely compile various credential theft activity occurring across the web. It’s not reflective of a new attack aimed at any one person, tool, or platform." 
- From Our Google Overlords in Silicon Valley


What does that mean exactly?

Infostealers are bots that infect PCs and unsecure servers with malware that record every login that occurs on an infected browser, app, or operating system.

If your PC were to be infected with an infostealer malware virus, it's watching you login to various websites and writing down what ID, password and URL/app you're using, then uploading those credentials to an online database elsewhere.


How did it get my login 'deets?

Most likely from 3rd party web servers where you used your [Google] "traditional" email address and "traditoinal" password login.

These were recorded by an infostealer on the 3rd party server which is not managed by Google and has no relationship to Google Workspace.

If you're like me, you use a @gmail.com personal email or your Google Workspace business email as a login ID to your social media accounts, banking, PayPal, or .gov websites.

When logging in, when it says "Sign in with Google", those traditional-based login credentials are safe.


It's when you use "Sign in with Email" that you may need to be concerned.

It does not mean your Google mailbox or Google Drive are at risk, because all supported Google users of Nephological are protected by 2-step verification (2SV) Google Admin policies enforced onto all user accounts we manage and support (i.e. 2SV can't be turned off or bypassed).


What should you be doing to ensure your logins are safe/secure?

  1. Ensure your 2-step verification is on for Google accounts
  2. Run the Google Account security health check
  3. Update important passwords listed in Google Password manager
  4. Check your Chrome security by pasting this into a Chrome browser tab: chrome://settings/safetyCheck

Google is constantly scanning the dark web for anything that matches your Google Workspace/@gmail.com email address and anything stored in Google Password manager.

  • Do not reuse your Google Workspace password for any other login to any other server or website
    • Use different password for "Sign in with Email"!
    • Accept "complex password" creation offers from Google
  • Use a personal @gmail.com account and address for non-business website logins
    • Keep your business account reserved for business login needs!

Need help? Unsure where to turn to next? Email us at support@nephological.com.au for assistance!

Popular posts from this blog

Transition from Google Calendar Appointment Slots to Appointment Scheduler

-
Image
Step 1 : Open Google Calendar in Chrome browser Step 2 : Open user calendar settings from Gear symbol upper right corner of web page Step 3:  Scroll to Appointment Schedules lower left hand sidebar Step 4: Select Appointment schedules > Create appointment schedules instead of appointment slots Step 5: Click left arrow next to Settings upper left corner Step 6: + Create > Appointment schedule Step 7: Give schedule a name, duration of an appointment, and set availability Step 8: Set Scheduling window and minimum time allowed before booking Step 9 : Set buffer time so no overlapping of concurrent meetings overrun Step 10: Apply video conferencing and Description,  Step 11: Add Phone Number field to Book Form Step 12: Adjust Email reminder to preference and click Save Step 13: Copy booking page link from Copy icon (not "Open booking page") Step 14: Include link in webpage and mail signature
Read more

Google My Business isn't just about Google Search and Maps results

-
Image
Google My Business is more than just managing your listing in Google Search and Google Maps. It's an engagement platform to talk to your clients. This can be in the form of responding to Google Reviews (and not just the bad ones), using Google Posts to broadcast something directly into Google Search (hello, free advertising?), or answering questions posted on your listing. Answering questions on your Business Profile helps:  Educate people about your business  Showcase quality customer service  Build relationships with customers Regardless of whether your business provides services or products, not having a managed listing in Google My Business (GMB) puts you at a distinct disadvantage to your competitors and effects an impression of apathy or ignorance of technology. Need help setting up your business inside GMB? Have a rogue or unmanaged listing? Nephological are experts in Google My Business, including Google Posts training, Google Ads Express cam...
Read more

Why you need a website (and not just social media presence)

-
Image
"A fool is soon parted with their money." - P.T. Barnum Your future customers, colleagues, and clients feel the same way. Which is why they are leery when trying out a new provider, and it being crucial to present a professional and business-looking frontage to your sales leads and professional network. Would you trust a business that does not have a website? Do you look for a business in Google Search first, Facebook search second? Feel like you can't trust a @bigpond.com, @yahoo.com, or @gmail.com email used for business purposes? These are just a few of the barriers to entry small businesses sometimes choose to ignore and workaround on their own, thinking a mobile phone number and a Yellow Pages ad are all one needs to promote a business. That business model may have worked in the 80's and early 90's, but not today's internet-savvy customers looking for your services online. Whether they are Gen X or Millenials, internet literate clients expect some sort o...
Read more