While there’s no confirmed mass breach of Gmail itself, Australians should still be alert.

Media reports have flagged a huge trove of stolen credentials – according to one estimate, more than 183 million email passwords (including “tens of millions” tied to Gmail addresses) were exposed in a malware-driven credential dump.

Cyber-criminals use exposed credentials for account take-over, identity theft, phishing, and to target older family members who may have simpler or reused passwords

What’s Happened

The New York Post reported that Australian security researcher Troy Hunt flagged a dataset built from infostealer malware: credentials such as usernames, passwords and website addresses siphoned from infected devices, not from a direct hack of Google or Gmail.

Earlier this year researchers also uncovered a massive leak of 16 billion login credentials (across many services including Google, Apple and Facebook) compiled from multiple smaller incidents or malware infections.

Google’s Official Statement

“Gmail’s protections are strong and effective, and claims of a major Gmail security warning are false,” the statement reads.

“We want to reassure our users that Gmail’s protections are strong and effective. Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue. This is entirely false.

“While it’s always the case that phishers are looking for ways to infiltrate inboxes, our protections continue to block more than 99.9% of phishing and malware attempts from reaching users.

“Security is such an important item for all companies, all customers, all users – we take this work incredibly seriously. Our teams invest heavily, innovate constantly, and communicate clearly about the risks and protections we have in place. It’s crucial that conversation in this space is accurate and factual.

“As best practices for additional protection, we encourage users to use a secure password alternative like Passkeys, and to follow these best practices to spot and report phishing attacks.”

What You Should Do Right Now

Here’s a checklist you can follow – as well as help parents or grandparents follow.

1. Check if your email has been exposed

Go to the free service Have I Been Pwned and enter your Gmail and other email addresses. It will show if they have appeared in known leaks.

2. Change and strengthen your passwords

• Use a unique password for your Gmail account (and all major services). Never reuse it elsewhere.
• Make it long, include upper- and lower-case letters, numbers and symbols.
• Consider a trusted password manager if you struggle to remember.

3. Enable two-factor (or multi-factor) authentication (2FA/MFA)

This adds a second step (code, device prompt or security key) when logging in. Many reports show credentials stolen from device malware still allow access unless 2FA is turned on.

4. Update recovery details and review account access

Check that your recovery email and phone number are current. In Gmail go to Security – Your devices & recent activity. Look for anything unfamiliar.

5. Be alert to phishing and vishing (voice-phishing)

Criminals are now using data (even basic business or contact data) to craft realistic scams: phone calls impersonating tech support, spoofed numbers, fake “account breach” alerts. Google warns it will not phone you out of the blue to ask for your password.

Helping Older Family Members

• Sit with them and check their account exposure together using Have I Been Pwned.
• Go through their password list (or password manager) and identify if they’ve reused passwords or kept simple ones like “123456”.
• Show them how to enable 2FA on their Gmail/Apple/other major accounts.
• Warn them of the “I’m calling from tech support” trick – tell them never to give passwords or codes to anyone who rings claiming to be from Google/Apple/your bank.
• Remove old apps they no longer use and ensure their device software (phone, tablet, computer) is up to date with security patches.

Think of your digital identity like your home front door key

Even though Google says there’s no broad Gmail breach, the credential-dump risk is very real for Australians. If your email or password turns up in a database, or insecure habits are in play (weak/reused passwords, no 2FA), you’re exposed. Think of your digital identity like a front door key: strong, unique keys plus a dead-bolt (2FA) make all the difference.

Stay safe online.

This article was prepared with AI assistance and carefully reviewed by the Hope 103.2 Digital team.

Article supplied with thanks to Hope 103.2

Feature image: Canva

Cybercrime is no longer a niche issue. It has grown into a staggering $9.5 trillion economy, making it the third-largest in the world, trailing only behind the United States and China.

Every 11 seconds, a cyberattack occurs, whether through hacking, scams, or ransomware, impacting both businesses and individuals. With technology advancing at breakneck speed, cybercriminals are getting smarter, using artificial intelligence to make scams more convincing and harder to detect. The challenge we face is not just about preventing cybercrime but staying ahead of it.

Businesses and individuals alike are feeling the impact. Last year, nearly 60% of companies fell victim to ransomware attacks, resulting in millions of dollars lost in stolen data and recovery costs. Meanwhile, online fraud is surging, with consumers losing $8.7 billion in the U.S. alone, marking a 14.5% increase from the previous year. These numbers only scratch the surface of an evolving crisis where AI-driven cyber threats are making traditional security measures outdated.

The Evolution of Scams in the Digital Age

As cybercrime evolves, so do the tactics used by criminals. Gone are the days of easily identifiable scam emails riddled with typos. Today’s scams are polished, hyper-personalized, and alarmingly sophisticated, often fuelled by artificial intelligence. Deepfake scams have increased by 700% in the financial sector, with scammers using AI-generated voice clones and realistic video fakes to impersonate CEOs, colleagues, and even family members. Imagine receiving a call from your boss asking for an urgent wire transfer – only it’s not them on the other end of the line.

Phishing scams have also taken a more insidious turn. AI allows scammers to mimic human behaviour, creating emails that sound personal, natural, and tailored to the recipient. They no longer rely on mass email blasts; instead, they invest time building trust over weeks or even months before striking. Another growing threat is QR code fraud, where criminals replace legitimate QR codes with fake ones, directing unsuspecting users to fraudulent websites designed to steal personal data.

This shift in cybercrime means that criminals no longer need to hack into systems. They just need to trick people into willingly giving up their information. In an era where trust is currency, cybercriminals are exploiting human psychology rather than just technical vulnerabilities.

Building Cyber Resilience: Preparing for the Inevitable

With cyber threats becoming more advanced, the focus is no longer just on preventing attacks but on building resilience – the ability to recover quickly when an attack happens. The most secure businesses and individuals take a proactive approach by backing up critical data, detecting threats early, and responding swiftly.

On average, it takes companies 73 days to contain a data breach. That’s more than two months where sensitive information remains exposed, creating opportunities for financial and reputational damage. The reality is that no system is completely secure, which is why preparation is key. Cyber resilience is about being ready, not reactive, ensuring that even if an attack occurs, it doesn’t result in catastrophe.

Practical Steps to Stay Safe Online

Cybercriminals thrive on exploiting weaknesses, and more often than not, their easiest targets are people who fail to take basic precautions. Fortunately, small yet strategic changes can make a big difference in staying protected. Using a password manager like 1Password or Dashlane to create and store complex passwords significantly reduces the risk of account breaches. Avoid reusing PINs, especially common ones like 1234, 1111, or 0000, which are frequently leaked in data breaches.

Another smart precaution is to set up a personal or family codeword for verifying calls or messages that claim to be from loved ones. Scammers often exploit emotions, sending messages that create urgency or panic. Pausing before responding can prevent costly mistakes. Governments are beginning to crack down on cybercrime, with new regulations imposing $50 million fines on companies that fail to protect consumer data. However, personal vigilance remains the best defence against digital fraud.

The Future of Cybersecurity: AI as a Weapon and a Shield

Artificial intelligence is reshaping the battlefield of cybersecurity. On one hand, AI is being weaponized by cybercriminals to automate attacks, create ultra-realistic deepfake scams, and bypass traditional security measures. On Black Friday alone, Visa and Mastercard reported a 200% increase in AI-driven fraud attempts, highlighting just how rapidly these threats are escalating.

At the same time, AI is also being used to strengthen cybersecurity defences. The rise of biometric authentication such as face scans, fingerprints, and even heartbeat recognition is paving the way for a password-free future. While biometrics may offer a more secure alternative to traditional passwords, it also raises concerns about privacy and data security. Are we willing to trade biometric data for convenience, and what happens if that data is compromised?

Meanwhile, industries once thought to be low-risk are now prime targets for cyberattacks. In 2024, a single cyberattack on the UK’s National Health Service delayed over 1,000 surgeries, proving that the consequences of cybercrime go far beyond financial losses. Critical infrastructure, from hospitals to airlines, is now in the crosshairs of cybercriminals, forcing organizations to rethink security at every level.

The Key to Outsmarting Cybercriminals

Cybercrime is evolving fast, but staying safe doesn’t require technical expertise – it requires awareness, adaptability, and action. Questioning unexpected requests, verifying sources, and maintaining strong digital hygiene can prevent most cyber threats from succeeding.

The internet isn’t getting any safer, but by staying informed and taking cybersecurity seriously, we can protect ourselves, our businesses, and our personal data. Cybercriminals are getting smarter so now it’s time for all of us to do the same.

Article supplied with thanks to Michael McQueen.

About the Author: Michael is a trends forecaster, business strategist and award-winning conference speaker. His most recent book Mindstuck explores the psychology of stubbornness and how to change minds – including your own.

Feature image: Canva