Hackers dump 5m Gmail credentials
Threat exaggerated, says Google, claiming only 2% of username-password combos would work
Nearly 5m Gmail credentials were posted to a Russian bitcoin forum, online media reported.
Further posts regarding the 4.93m usernames and passwords claimed 60% were still in use, but a Google spokesperson, while confirming the authenticity of the accounts, said the credentials were likely stolen from sites other than Google.
"The security of our users' information is a top priority for us," the spokesperson told The Next Web. "We have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users secure their accounts."
The search giant later also said the threat had been exaggerated, writing in a blog post: "We found that less than 2% of the username and password combinations might have worked and our automated anti-hijacking systems would have blocked many of those login attempts."
While the precise identity of the hackers remains a mystery, the posting to a Russian site comes at a time when Russian and European cyber gangs' activities are escalating. A group from the region was implicated in the identity theft at US retail giant Target - an operation that yielded tens of millions of account details.
While Google Russia investigates the leak, Google account holders are advised to change their passwords and turn on two-factor authentication. They are further advised not to type their passwords into any third-party site, even if the site is offering help with security, as these may be phishing attempts.