You Should Change Your Gmail Password Right Now

Impact

Time for another password change, folks: A database of what looks like 5 million Gmail login and password pairs has popped up on a Russian Bitcoin forum. 

The text file containing the data was uploaded to a Russian Bitcoin Security board on Tuesday evening. Russia Today reports that the forum administrators have "since purged passwords from it, leaving only the logins."

News of the leak comes one month after the New York Times report alleging that a Russian crime ring had compiled more than 1.2 billion username and password combinations, making it one of the "largest known collection of stolen Internet credentials." Milwaukee-based security firm Hold Security said at the time that the collection included "confidential material" gathered from more than 420,000 websites, including 500 million emails. 

According to Russia Today, the accounts "are mostly those of Google users and give access to Gmail mail service, G+ social network and other products of the U.S.-based internet giant." The Daily Dot notes that this particular Bitcoin Security forum "has been the scene of several major leaks over the past several days. On Tuesday, 4.66 million Mail.ru accounts were exposed." And password information for 1.26 million accounts on Yandex, another popular Russia email service, showed up on Monday. 

Google Russia told Russia Today that it's investigating the alleged leak, while Mail.ru and Yandex are insisting that "their own databases were not compromised and suggested that the leaked data was accumulated over years through phishing and other forms of hacking attacks on users."

Do you want to know if your account's been compromised? Visit https://isleaked.com/en.php and input your email address. Either way, you should probably enable two-factor authentication on Google to avoid the kind of password phishing that Yandex and Mail.ru cite.