If you've got a Gmail account with a flimsy password, now might be the time to switch it up. Hackers dumped a database of nearly 5 million Gmail usernames and passwords to a Russian Bitcoin forum late Tuesday.
Russia's state-run news wire RIA Novosti reports the accounts are from English-, Russian- and Spanish-speaking users, and as many as 60 percent of them are active. Three million accounts sounds like a ton — and there's probably plenty of information in your Gmail account that you'd rather not share with strangers — but here are a few reasons why some tech writers are urging folks not to freak out.
For starters, Business Insider reports some of those forum users were able to find their own e-mail addresses and noted that the passwords were outdated or that the accounts had already been suspended or deactivated.
Mashable quotes two Redditors who said they saw their Gmail usernames but not their passwords, leading them to believe those passwords came from sites where you can sign in using your Gmail account.
With so many reported instances of dummy passwords and, in some cases, dummy accounts, a security expert told Mashable the hackers might've just done this for attention: "This proves that the hackers hacked into some other service where gmail address (or other email addresses) are used and got the password of that service not gmail password."
And many outlets also carried a statement from a Google spokesperson who said the company has "no evidence that our systems have been compromised."
That information is reassuring for anyone whose account shows up in the database, but people have a tendency to reuse familiar passwords. According to several writers, that makes the disclosed information still pretty dangerous.
If you'd like to check and see if your Gmail account is in the database, head over to isleaked.com/en. If you find your account on that list, there are a few things you can do.
Google's Safety Center suggests strengthening your password by either using a combination of letters, numbers and symbols, or using a unique phrase. The longer the password, the better.
Users can also implement a two-step verification process, which will require a password and then a verification code. The Safety Center can be used as a reference guide so users can find out how to keep from becoming cybercrime victims.
There's no word on who's behind the hack or how they got the information, but RT reports Google Russia is currently investigating the leak.