Nearly 5 million Gmail usernames and passwords were published on a Russian bitcoin forum yesterday with 60% of the passwords appearing to be valid. The forum’s administrators quickly removed the file and redacted the passwords.
Google representatives told Russian media that much of the information is old and potentially out-of-date, so the “leak” may be better described as a collection of phished and hacked credentials collected over years. Other accounts were ones that have been inactive for years or were matched with old passwords.
The list shared also included email addresses for Yandex, the Russian search engine. The affected Gmail accounts are reported to come from English, Russian, and Spanish-speaking countries.
A tool has been made available to help you quickly check whether your Gmail’s credentials were compromised. Enter your address in the tool and you’ll get notified about whether your address was impacted. Even if the tool says your account was not compromised, it is a good idea to change your password; not just now but on a regular basis.
Changing passwords and keeping track of them can be a daunting task. You may want to look into a service like Keeper (paid) and LastPass (free). Both have browser extensions which will help you not only keep all of your passwords in one place but will also log you in to websites without you needing to manually enter a password each time.