Google plays down Gmail address & password leak

The Gmail usernames and passwords of nearly five million accounts have reportedly appeared online in a Russian Bitcoin forum, but Google has been quick to play down the leak.

The login credentials reportedly appeared online early yesterday morning inside a .txt file on a Russian Bitcoin Security forum, where it was claimed that 60 per cent of the leaked usernames and passwords were still actively used.

Google has contradicted this claim in a blog post, by declaring that fewer than two per cent of the usernames and passwords listed would have worked.

"Our automated anti-hijacking systems would have blocked many of those login attempts," it states.

"We've protected the affected accounts and have required those users to reset their passwords."

The search giant then went on to state the leaked credentials were not in the public domain because of a direct hit on its email system.

Instead, the company said the details were likely to have been obtained through phishing attempts or attacks on websites that people use their Gmail addresses to log into.

"If you reuse the same username and password across website, and one of those websites gets hacked, your credentials could be used to log into others," the post explained.

To prevent users from having their accounts hacked, the company then goes on to recommend that Gmail users deploy two-factor authentication for their accounts and protect them with strong passwords.

"We're constantly working to keep your accounts secure from phishing, malware and spam," the post added.

"For instance, if we see unusual account activity, we'll stop sign-in attempts from unfamiliar locations and devices."