Change your passwords: 5 Million Gmail accounts and passwords are leaked online by hackers!
Hoax or Fact:
These messages, shared heavily on social media sites and also reported by news outlets, warn users to change their Gmail passwords because 5 million Gmail accounts and passwords have been leaked online by hackers. The claim is partially fact.
On 9 Sep. 2014, Russian hackers leaked the email IDs and passwords of as many as 4.93 million Google accounts; the dump file was posted on the Russian Bitcoin forum btcsec.com by a user named tvskit. Notably, tvskit said that approximately 60% of the passwords were still active.
The next day, on 10 Sep. 2014, Google acknowledged the leak but said that it was not due to a breach of its own systems. In its blog post, Google also refuted the claim, saying that less than 2% of the username and password combinations might have worked, and added that its automated anti-hijacking systems would have blocked many of the login attempts.
Google explained the leak, saying, "Often, these credentials are obtained through a combination of other sources. For instance, if you reuse the same username and password across websites, and one of those websites gets hacked, your credentials could be used to log into the others. Or attackers can use malware or phishing schemes to capture login credentials."
Mashable.com also reported the leak, suggesting that some Gmail passwords need to be changed and mentioning that if your Gmail password is different from the passwords of your other accounts, you might not have to worry.
According to some of the leak victims and security experts, the passwords seem to be old and do not appear to actually belong to Gmail accounts. It looks like many of the passwords were taken (hacked) from other websites where users had registered with their Gmail addresses. Several users who found their email addresses in the leak confirmed that the associated password was never used for their Gmail.
What To Do
If you reuse your passwords, check this website to find out whether your Gmail address is on the list of leaked accounts. If so, change your passwords, and make sure to choose long ones with a combination of special characters and numbers. You can also enable two-factor authentication in Gmail, which keeps the account more secure even when someone steals your password. Note that hacking has become a frequent problem; 2 million Facebook, Gmail and Twitter passwords were reported stolen in December 2013.