Warning to All Gmail and Outlook Users Following the Hacking of Billions of Passwords



Over the holidays, all internet users have been warned about dangerous “credential stuffing” hacks. 

Billions of unencrypted Gmail and Outlook usernames and passwords have been dumped and logged through HaveIBeenPwned. 

Huge file dumps containing passwords are uploaded to the internet when websites leak or are hacked. 

Hackers then try these passwords on your other accounts – or on the accounts of other users. They hope you’ve reused your passwords or chosen simple and widely used logins. 

This allows them to easily access your online accounts without directly compromising your system. 

Two billion credential stuffing attacks have occurred in the last year. If hackers obtain access to your Gmail or Outlook account using this method, they may be able to break into even more accounts. 

Hackers can steal and use your personal information, resell it, deplete your bank accounts, and disrupt your online life. 

How to protect and mitigate risks in the case of an email password compromise: 

1. Check your email settings

Attackers can set your email account to automatically forward your messages to them, and can use it to send malware or phishing spam. Examine your settings for anything unusual. 

You should also send an email to your contacts or post on social media that your email has been compromised to warn them not to open any attachments sent by you. This can keep viruses from infecting your contacts.

2. Ensure that your antivirus software and operating system are up to date

Software is updated on a regular basis to prevent hackers from exploiting faults and holes. Updates not only improve software, but they also make it more secure. If you haven’t already turned them on, automatic updates can save you a lot of work.

3. Run a virus scan on your device

Changing your passwords isn’t enough if your device is infected with malware. The attacker could gain access to your new passwords by using a keylogger, for example. 

Scan your device for viruses before changing any passwords. Even if everything appears to be in order, you should do this frequently because malware can be difficult to detect. Some viruses can even disable your antivirus programme if it isn’t powerful enough to stop them. 

4. Change your passwords now

This is one of the most crucial steps. It’s a good idea to update your passwords on a regular basis. If you believe or know that your email account has been compromised, you must change its password at once. Yes, having many passwords can be tedious, but we’re talking about your personal security here. Can you ever be too safe? 

Don’t be alarmed if your compromised account’s password has been changed. You may still be able to access your account via the “forgot your password” function if you have put security measures in place. 

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.
