Another day, another plea for you to change your password.

As IDG noted, a file was posted on a bitcoin security forum that claimed to include almost 5 million Gmail addresses and passwords.

It appears, however, that much of the data is old or most of the passwords don't actually match with the Gmail accounts on the list. Mashable suggested that data was likely gathered via various data breaches and includes emails and passwords for websites or third-party services rather than Gmail itself.

For example, you might use your Gmail email to log in to Amazon, but you (hopefully) do not use the same password for Gmail and Amazon. If the hackers breached Amazon, they'd have the email-password combo you used for Amazon, but not Gmail.

In a blog post, Google said that it "found that less than 2 percent of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We've protected the affected accounts and have required those users to reset their passwords."

The hackers did not obtain the usernames and passwords via a breach of Google systems, the company said.

But if you're the type to use the same passwords across the Web (for shame!) or never change your passwords, this serves as yet another reminder that the strategy is a bad one.

There is a website where you can type in your Gmail address to see if your email is on the list, but at this point, the English version appears to be offline (only the Russian one is live). And it's probably best not to type your email address into a Russian website you don't understand, so maybe just change your password if you're worried.

To help you out on that, check out PCMag's roundup of The Best Password Managers and Two-Factor Authentication: Who Has It and How to Set It Up.

Editor's Note: This story was updated at 5:35 p.m. ET with comment from Google.

Further Reading

Productivity Reviews