Close this search box.

Warning to All Gmail and Outlook Users Following the Hacking of Billions of Passwords


Over the holidays, all internet users have been warned about dangerous “credential stuffing” hacks. 

Billions of unencrypted Gmail and Outlook usernames and passwords have been dumped and logged through HaveIBeenPwned. 

Huge file dumps containing passwords are uploaded to the internet when websites leak or are hacked. 

Hackers then try these passwords on your other accounts – or on the accounts of other users. They hope you’ve reused your passwords or chosen simple and widely used logins. 

This allows them to easily access your online accounts without directly compromising your system. 

With two billion credential stuffing attacks having occurred in the last year, if hackers obtain access to your Gmail or Outlook using this method, they may be able to break into even more accounts. 

Hackers can steal and use your personal information, resell it, deplete your bank accounts, and disrupt your online life. 

How to protect and mitigate risks in the case of an email password compromise: 

1. Check your email settings

Attackers can set your email account to automatically forward your messages to the attacker and send malware or phishing spam. Examine your settings for anything unusual. 

You should also send an email to your contacts or post on social media that your email has been compromised to warn them not to open any attachments sent by you. This can keep viruses from infecting your contacts.

2. Ensure that your antivirus software and operating system are up to date

Software is updated on a regular basis to prevent hackers from exploiting faults and holes. Updates not only improve software, but they also make it more secure. If you haven’t already, automatic updates can save you a lot of work.

3. Run a virus scan on your device.

Changing your passwords isn’t enough if your device is infected with malware. The attacker could gain access to your new passwords by using a keylogger, for example. 

Scan your device for viruses before changing any passwords. Even if everything appears to be in order, you should perform this on a frequent basis because malware can be difficult to detect. Some viruses can even disable your antivirus programme if it isn’t powerful enough to stop it. 

4. Change your passwords now.

This is one of the most crucial tasks to do. It’s a promising idea to update your passwords on a regular basis. If you believe or know that your email address has been compromised, you must change it at once. Yes, having many passwords can be tedious, but we’re talking about your personal security here. Can you ever be too safe? 

Don’t be alarmed if your compromised account’s password has been changed. You may still be able to access your account via the “forgot your password” function if you have put security measures in place. 

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →