
By bharathp666 [see page for license], via Wikimedia Commons
According to Google:
It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems. Often, these credentials are obtained through a combination of other sources.
You can check to see if your email address was in the list by using the KnowEm check tool. This is a reputable site and they do not record the email addresses checked. They also do not ask for your password. The tool only checks to see if your address was included in the list of credentials released yesterday.
To protect your Google account, it is recommended that you have a strong password that you haven’t used elsewhere, and to enable 2-Step Verification on your account. Many cloud services offer 2-step verification, and we’d recommend enabling it whenever possible.