A massive global data breach has exposed more than 183 million email addresses and passwords, including a large number of Gmail accounts, prompting cybersecurity experts to urge users across Ontario and Canada to take immediate action to secure their accounts.
The breach, revealed by information security expert Troy Hunt, founder of Have I Been Pwned (HIBP), is not linked to any single company but is instead a massive compilation of credentials stolen through information-stealing malware and credential-stuffing attacks. These stolen records were recently indexed on the HIBP platform, which now tracks more than 15.3 billion compromised accounts worldwide.
According to Dr. Ali Dehghantanha, cybersecurity professor and Canada Research Chair at the University of Guelph, the exposed data set, totaling 3.5 terabytes, includes usernames, passwords, and login details from platforms such as Google, Facebook, Apple, and Roblox. He said the breach highlights how info-stealer malware silently infiltrates devices to harvest sensitive information, while credential-stuffing lists exploit reused passwords to access multiple accounts.
Experts warn that the stolen data can be extremely damaging because it provides direct access to email, financial, and social media accounts, enabling further identity theft and fraud. Users are advised to visit Have I Been Pwned’s website and enter their email addresses to check if their credentials were included in the breach. The site will indicate when and where the email was compromised and the types of data that were exposed.
Cybersecurity specialists recommend several immediate steps to secure accounts. Users should change passwords for all affected accounts, ensuring that each one is strong and unique. Using a password manager is encouraged to help generate and store secure credentials. Enabling multi-factor authentication (MFA) adds an important layer of protection, making it harder for hackers to gain access even with stolen passwords.
Experts also advise monitoring email inboxes and financial accounts for suspicious activity, such as unauthorized login alerts or password reset attempts. Individuals should be cautious of follow-up scams, especially fraudulent messages posing as banks or technical support staff attempting to extract MFA codes or additional information.
To prevent future compromise, users should keep devices and software updated with the latest security patches, avoid clicking suspicious links, and only download apps from trusted sources. Those who suspect malware infection should perform a thorough scan and clean their device immediately, as reinfection could result in repeated data theft.
A recent Equifax Cybersecurity Survey found that 75 per cent of Canadians are concerned about having their personal data stolen, while one in three have been targeted by digital scams. Cyber experts stress that with breaches of this scale becoming increasingly common, awareness and proactive security measures are essential to protect personal and financial information online.