NEW YORK — A list of 5 million Gmail addresses and passwords appeared on a Russian Bitcoin forum Wednesday.
It is still unclear how anyone obtained the vast collection of usernames and passwords. Google says its servers were not breached. The list appears to be a collection of passwords exposed in previous hacks — likely on users’ own computers, not Google’s systems.
“We have no evidence that our systems have been compromised,” said Google spokeswoman Caroline Matthews.
In fact, there’s no telling yet whether the list is even authentic, the company said.
However, Google is warning affected users to take steps to further protect their Gmail accounts, such as creating a stronger password and using an extra security feature called two-step authentication.
You can also type your email address into the Security Alert tool to see if your account has been exposed.