Gmail Icon

By bharathp666 [see page for license], via Wikimedia Commons

Yesterday it was widely reported that roughly 5 million Gmail addresses and passwords were leaked.  Google has reported that less than 2% of the leaked credentials would have worked, and they’ve already taken the necessary precautions to lock down those accounts to protect the users.

According to Google:

It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems. Often, these credentials are obtained through a combination of other sources.
For instance, if you reuse the same username and password across websites, and one of those websites gets hacked, your credentials could be used to log into the others. Or attackers can use malware or phishing schemes to capture login credentials.
You can check to see if your email address was in the list by using the KnowEm check tool.  This is a reputable site and they do not record the email addresses checked.  They also do not ask for your password.  The tool only checks to see if your address was included in the list of credentials released yesterday.
To protect your Google account, it is recommended that you have a strong password that you haven’t used elsewhere, and to enable 2-Step Verification on your account.  Many cloud services offer 2-step verification, and we’d recommend enabling it whenever possible.