5 million Gmail passwords were leaked, but Google is protecting the affected accounts

You’ve probably already heard about the iCloud security breach that resulted in a number of nude celebrity photos getting leaked online. Well, it seems that Apple wasn’t the only company to be targeted by hackers lately. Reports saying that many Gmail accounts have also been compromised went rampant these last couple of days. It turns out that about 5 million Gmail passwords have been leaked and posted on a Russian Bitcoin forum. The good news is that a chuck of these passwords were several years old and many of them have since been deactivated. The bad news is that as much as 60% of the hacked Gmail accounts are still in use so users are understandably concerned about this whole issue. Luckily, Google seems to be on top of the situation and the tech giant says that it already took the necessary steps to protect the affected accounts.

“We’re always monitoring for these dumps so we can respond quickly to protect our users,” reads a recent post on the Google Online Security Blog. “This week, we identified several lists claiming to contain Google and other Internet providers’ credentials. We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords.”

Google also says that the leak is not the result of poor Gmail security and that the credentials can be obtained by a number of other means. For example, a hacker can acquire your username and password if you keep using them across multiple websites. This is exactly why Google advises that you use passwords that are different from your Gmail password when creating accounts on other websites. In any case, Google will block sign-in attempts from unfamiliar devices and locations if it notices any unusual account activity in order to protect your credentials from being stolen.

“It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems,” Google said. “Often, these credentials are obtained through a combination of other sources. For instance, if you reuse the same username and password across websites, and one of those websites gets hacked, your credentials could be used to log into the others. Or attackers can use malware or phishing schemes to capture login credentials. We’re constantly working to keep your accounts secure from phishing, malware and spam. For instance, if we see unusual account activity, we’ll stop sign-in attempts from unfamiliar locations and devices. You can review this activity and confirm whether or not you actually took the action.”

In the meantime, you can use the ISLeaked.com online tool to check if your Gmail account is among those affected.