This week, a list of nearly five million Gmail addresses paired with passwords appeared online, posted in a Russian Bitcoin security forum.
Some people who checked the list and found their Gmail addresses there reported that it contained an old password for them, and often a password that they had reused on multiple sites.
There’s speculation that the addresses may hay been stolen from other sites where people used their Gmail address as a log-in. Google itself says less than 2% of the leaked address-password pairs were current for Gmail. That sounds small but it means nearly 100,000 people need to change their Gmail passwords ASAP.