According to the Daily Dot, nearly 5 million usernames and passwords associated with Gmail accounts have been leaked on a Russian Bitcoin forum.
The list has since been taken down, and there’s no evidence that Gmail itself was hacked—just that these passwords have been leaked. Most sources are saying that lots of the information is quite old, so chances are they were leaked long ago—though others are claiming 60% of the passwords are still valid (not to mention really, really horrible).
Your best bet is to just change all of your passwords right now. No matter what you do, make sure you using a strong password on all your accounts.
We still aren’t sure how these passwords were leaked or when—but some folks over on Reddit discovered that these may not, in fact, be Gmail passwords, as original reports claimed. Instead, it looks like these are passwords leaked from other web sites over the years that were associated with Gmail addresses. But, as we know, many people used the same password for multiple accounts—which is why some of you may find that your old Gmail password was leaked (while others are seeing passwords not from Gmail).