Nearly five million Gmail usernames and passwords were published on a Russian Bitcoin forum on Tuesday evening, as first reported by international sources including one Russian news agency that claims 60 percent of the accounts are active and can be accessed immediately.
Google doesn't think we have much to worry about and issued a statement to Fast Company saying that the login credentials published appear to be outdated. “We have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users secure their accounts," a Google representative said in the statement.
Slate reports that though the forum posted valid Gmail addresses, the passwords may not match or could be old. Google said in a blog post that it "found that less than 2% of the username and password combinations" in the leak worked.
Per Fast Company and CBS San Francisco, here are some quick ways to see if your Gmail account information might have been leaked:
Check your Gmail address using these tools (they should never ask for passwords): KnowEm and Have I Been Pwned?.
Or you can search your gmail address and replace up to three characters with asterisks — for example jane***@gmail.com instead of [email protected] — to see what results pop up.
If the passwords leaked potentially belong to other accounts and could work on sites besides Gmail, it would be good to change those. Google also recommends enrolling in its 2-Step Verification, which adds an extra layer of protection to your accounts.
