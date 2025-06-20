My Google email has been leaked several times over the last decade, earliest in 2012 ( last.fm ). Probably before as well...

"In March 2012, the music website Last.fm was hacked and 43 million user accounts were exposed. Whilst Last.fm knew of an incident back in 2012, the scale of the hack was not known until the data was released publicly in September 2016. The breach included 37 million unique email addresses, usernames and passwords stored as unsalted MD5 hashes."

Unsalted MD5 hashes... ouch

A password I once used has also been leaked/exists in password lists combined with one of my email addresses. Probably from the above leak. But I don't use that password any more obviously.

That doesn't stop lowlifes trying to scare me with the old "we know your password is password1234 and have been recording your dirty activities" scam though

I usually get an email from HaveIBeenPwned if my email gets leaked. It's a great service for checking what breaches your mail has been leaked in.

https://haveibeenpwned.com

Note also that just because they have your email doesn't mean they have your password. They might have a (salted) hash of your password if it was leaked, but that would have to be brute-forced so unless you're using a very common password they won't bother.