Five million Gmail passwords have apparently been exposed, though there is speculation about where these passwords are actually being used. According to RT, the password and email pairs were leaked onto a Russian cyber security forum. An administrator for the forum has since removed the passwords, leaving only the exposed logins.
There’s no indication that Google’s services were actually attacked in order to obtain the passwords. Hackers could have exploited other databases to obtain passwords that coincidentally work with some Gmail accounts. Google has responded on its Online Security Blog that there is no evidence that its systems were hacked. The company tested the leaked usernames and passwords and found that only 2% of them worked for accessing Google accounts. The company has locked down the affected accounts and is requiring those users to change their passwords.
Google speculates the leaked passwords could have come from “a combination of other sources” like phishing attempts and malware attacks. Google recommends users check their security settings at g.co/accountcheckup.
If you want to see if your username and password are included in this leak, you can use KnowEm’s online tool to check. If you’re not comfortable entering your email address, you can replace up to three characters with asterisks and it’ll show a bunch of results that match the pattern. If you don’t want to deal with using this tool, it’s best that you just change your Gmail password and enable two-factor authentication if you haven’t already.
While we don’t know the full details about the leak, Google Russia is currently investigating and we’ll report back when we know more.
For tips about how to protect your online identity, check out our guide here.
UPDATE: I’ve updated the post with KnowEm’s website instead of the original isleaked.com site because its origins are suspect. You can read about the controversy here. The article has also been updated with comment from Google.
Follow me on Twitter: @lewisleong