A database reportedly containing 4.93 million Google user names and passwords was uploaded late Tuesday to a Russian bitcoin forum, according to reports from Russian news outlets. A site administrator has since purged the passwords, though email addresses remain intact.
According to a Google spokesman, the list, likely phished or combed from malware-infected computers, seems to contain older or outdated login information. The uploader claimed 60% of the passwords are still valid.
“The security of our users’ information is a top priority for us,” a Google representative said in a statement. “We have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users secure their accounts.”
Concerned users can use this tool (h/t Lifehacker) to check if their information was leaked. Using it, an editor at Fast Company, the technology and design blog confirmed his email address was part of the cache, but the password listed was from several years ago. (Some readers said they were uneasy about handing over their email addresses.
They can also run a search replacingup to three characters with asterisks–eg. john***[email protected] instead [email protected]–to return the number of matching results.) In addition, users can turn on two-factor authentication to add a security layer when accessing accounts from new devices.