A list of five million Gmail addresses and passwords appeared on a Russian Bitcoin forum on Wednesday.
It is still unclear how anyone obtained the vast collection of usernames and passwords. Google says its servers were not breached. The list appears to be a collection of passwords exposed in previous hacks – likely on users’ own computers, not Google’s systems.
In fact, there’s no telling yet whether the list is even authentic, the company said.
However, Google has locked out anyone whose email account was included in the leak.
The company is directing them to another Google site to reset their password and regain access to their account.
It is also advising them to take steps to further protect their Gmail accounts, such as creating a stronger password and using an extra security feature called two-step authentication.