Downloading large datasets of stolen email credentials, often referred to as "combolists" or "bases," typically involves accessing illegal or high-risk repositories that may contain malicious software. Several massive databases containing Gmail and other login credentials have been reported by security researchers in recent years, though these are generally compilations of data from various sources rather than a new breach of Google’s own servers. Reported Large-Scale Credential Exposures
Recent reports have identified several massive databases containing millions of Gmail accounts: Download Million Gmail base rar
: Discovered in late 2025, this 3.5-terabyte dataset contained credentials harvested via infostealer malware. It was later added to the Have I Been Pwned database. It was later added to the Have I Been Pwned database
: A similar plain-text file was found online in May 2025, exposing credentials for platforms including Google, Microsoft, and Apple. Risks of Downloading "Base" Files Who's Been Pwned exposing credentials for platforms including Google
: In January 2026, security researcher Jeremiah Fowler reported an unsecured 96GB database containing roughly 48 million Gmail accounts along with millions of Facebook and Instagram logins.