Around 5 million Gmail usernames together with passwords were leaked on a Russian Internet forum on Tuesday, reports said.
According to Forbes, nearly five million Gmail addresses with passwords appeared on a Russian Bitcoin security forum. Upon checking the list, some people found their Gmail addresses which contained old passwords, "and often a password that they had reused on multiple sites."
On a blog post, Google Spam & Abuse Team said that "in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems. Often, these credentials are obtained through a combination of other sources."
The blog also gave a scenario explaining what happened: "...if you reuse the same username and password across websites, and one of those websites gets hacked, your credentials could be used to log into the others. Or attackers can use malware or phishing schemes to capture login credentials."
Based on the blog, "less than 2% of the username and password combinations might have worked" and Google's "automated anti-hijacking systems would have blocked many of those login attempts".
The Russian tech blog Habrahabr speculated that the leaked Gmail addresses and passwords were a result of technological ways of hacking like "phishing scams, use of weak passwords, and other common compromises," Tom's Guide reported.
Google Spam & Abuse Team assured that they are constantly working to keep their users' accounts secure from phishing, malware, and spam.
The team also gave tips on how to make an account secure: "Make sure you're using a strong password unique to Google. Update your recovery options so we can reach you by phone or email if you get locked out of your account. And consider 2-step verification, which adds an extra layer of security to your account. You can visit g.co/accountcheckup
