According to the Daily Dot, nearly 5 million usernames and passwords associated with Gmail accounts have been leaked on a Russian Bitcoin forum. Here's what you should know.


The list has since been taken down, and there's no evidence that Gmail itself was hacked—just that these passwords have been leaked. Most sources are saying that lots of the information is quite old, so chances are they were leaked long ago—though others are claiming 60% of the passwords are still valid (not to mention really, really horrible).


To check if your password was one of the leaked, plug your Gmail address into this trusted tool from KnowEm. Alternatively, if you aren't comfortable giving out your email, you can change all your passwords now.

No matter what you do, make sure you using a strong password on all your accounts and that you've enabled two-factor authentication. Hit the link to read more.

Update: Looks like the IsLeaked tool is having some trouble due to unusually high traffic—if you get an error message, try reloading the page or checking back later.


Update 2: We still aren't sure how these passwords were leaked or when—but some folks over on Reddit discovered that these may not, in fact, be Gmail passwords, as original reports claimed. Instead, it looks like these are passwords leaked from other web sites over the years that were associated with Gmail addresses. But, as we know, many people used the same password for multiple accounts—which is why some of you may find that your old Gmail password was leaked (while others are seeing passwords not from Gmail).

We still don't know the full details, but the lesson remains the same: use secure passwords and enable two-factor authentication on all of your accounts!


Update 3: We've replaced the original link the password checker tool with one from a known, trusted company, due to some controversy surrounding the original tool (which, while mostly speculation, has caused a small stir).

5 Million Gmail Passwords Leaked to Russian Bitcoin Forum | The Daily Dot