5 million Gmail usernames and passwords were recently leaked through several Russian cybercrime web forums earlier this week. Google had already confirmed the issue yesterday, though it claims that no compromisation of its data systems was done that led to leakage of these user accounts.
The leaked Gmail accounts were first published on a Bitcoin forum, and were submitted in the form of a standard listed text. The forum user who posted the account credentials claims that most of the data in the text are still usable. However, the administrators of the forum have already deleted the passwords, and only left the usernames for verification. Most of the account access data on the list are written in English, Spanish and Russian.
Though a substantial number of the listed usernames are legit, Google says there is no reason to panic. Reports highly suggest that the source of that data did not come from Google at all, but rather accumulated from hundreds of other websites and online sources (which are unrelated to Google’s own services) that might have used the same username and password.
Google’s own security blog even claims that only less than 2% of the username and password combinations on the leaked list actually worked. Furthermore, the time span of the accumulated passwords stretches as far as three to five years ago, which may mean that even if your account is on the list, the password may already be completely different to the one you have now.
Nevertheless, Google still advises Gmail users to at least check their accounts for possible security holes, and stay vigilant against phishing, malware and spam websites. Taking the necessary steps to prevent accounts from being accessed illegally goes a long way. Google’s 2-Step Authentication is also a plus, and can prevent unauthorized access even if your username and password becomes exposed.