If a new report making its way around the web proves accurate, a list of roughly five million Gmail usernames with passwords have now been published to the Bitcoin Security Forum by Russian hackers. Before you start panicking, let’s take a look at what we know.
Yes, the list appears to be legit and, according to the Russian media, Google reps confirmed that the list was comprised of accounts collected over the years through phishing and other hacking methods. The Next Web also reached out to Google, who said they “have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users secure their accounts.” Only about 60% of these accounts are said to be active, and of these active accounts many of them are believed to have an older password included in the leaked information and not the latest one. It’s also worth mentioning that most of these accounts are Russian, though supposedly some Spanish and English speaking accounts were also leaked.
Bottom-line, the odds of both your correct username and password being on the list are very low, but this leak does highlight how important it is to change your password frequently and to use common sense on the web to avoid phishing scams and password ‘hacks’. It also is a good reminder of the importance of 2-step authentication. If you haven’t already set up Google Authenticator, we recommend doing so now.