
A large repository of 5 million Gmail passwords was leaked onto a Russian Bitcoin forum, Lifehacker is reporting.

The dumper, user "Tvskit", claimed that 60% of the usernames and passwords were good. That still leaves 3 million Gmail users possibly at risk.

Furthermore, as PCWorld is reporting, when you correlate the data with known leaks, a lot of the accounts on the list are around 3 years old.

It doesn't seem as if the list of credentials came from a breach in Google security. Rather, the usernames and passwords were collected from lots of other sites where people used their Gmail to sign up for services.

This Russian hacker may be blowing smoke. It's probably best to never believe (or at least call into question) the claims of people who steal information for a living.

The repository is no longer available, though you can be sure there are still a lot of copies floating around out there.



So a whole bunch of people may know that your Gmail password is just your name with the letter "A" swapped out for a "4". Shame on you.

Go change your password to something that's actually secure and enable 2-step verification on your Google account.

*UPDATE*

As this story develops, it seems that the threat is not as serious as it could be.

Apparently the list is an attempt at combining Gmail usernames which were used to log into other sites with the passwords for that site. The thinking here is that a lot of people use the same password for multiple sites. Don't do that.

In a statement to Mashable, Google said that they have "no evidence that our systems have been compromised."

Like I mentioned above, this was likely a breach of lots of other, smaller sites' security rather than Gmail itself.
