Uh oh! It has been reported that nearly 5 million combinations Gmail usernames and passwords appear to have been published on a Russian Bitcoin forum. The passwords, which were published in a text file, contains information on English, Russian, and Spanish speaking users of Google’s services including Gmail and Google Plus.
On top of that, the leak also included thousands of user credentials for Yandex (the largest search engine in Russia). The publisher, named tvskit, posted the following screenshot and claimed that over 60% of the password were valid and working:
Source: forum.btcsec.com
Following news of the leak, Google and Yandex representatives told CNews that while the credentials were stolen through years of phishing and hacking against individuals, their own systems were never compromised.
Google’s reps told Russian Media that much of the information is old and potentially out-of-date since the phished and hacked credentials were collected over the years. In fact, many of the accounts have long been suspended or are matched with very old passwords. It also seems that many of the passwords were taken from websites where users used their Gmail addresses to register, according to some of the leak’s victims as well as security experts.
What does that mean?
For example, someone might have signed up for a website with the username “myaddress@gmail.com” and the password “mypassword.” The list exposed this week makes it look like “mypassword” is the password for the Gmail account itself, but the user’s actual Gmail password might be totally different. So if you’ve used a Gmail password that’s unique from other accounts, you might not have to worry.
That having said, if you want to find out if your account is included in the leak, input your address here to check. Also, as a precaution, you should change your password, choose a long one that combines both alphabets and numbers, and make sure you turn on the 2-step verification for your account. Aside from that, try to not use universal passwords for everything.
Better be safe than sorry, after all!