Hackers posted around 5 million Gmail addresses and passwords to a Russian bitcoin forum late Tuesday evening.
The posting caused initial panic among Gmail users, but only 1-2 percent of the listed passwords were linked to active email accounts. Gmail immediately contacted these individuals, informing them of the leak and the urgent need to change their passwords.
IT professionals theorize that the cybercriminals accumulated the list of passwords over several years and through a variety of sites. Although the Gmail accounts posted were real, many of them were not active at the time of the posting. Even if they were active, most of the combinations would not work because they were not harvested directly from Gmail.
In the wake of this incident, Gmail has revealed a new feature called Account Checkup, which notifies users if unusual or suspicious activity has recently occurred. To minimize the risk of identity theft, be sure to establish strong passwords and avoid using the same one for every site you frequent. It is also a good precaution to change important passwords frequently and to establish two-factor verification.
Google would like to make it very clear that its program was not directly hacked. Slate.com elaborates, "If anything, it might be your other accounts that you need to worry about most in the wake of the latest password dump. If your email address and a password are floating around on hacker forums right now, it's a good bet that someone somewhere will be trying to plug those credentials into a wide range of popular websites, just on the off chance that they'll work."
Make sure your personal information is secure, and if you own a business, you should also think about protecting your customers. Scan your payment processing software for malware and foreign intrusions, and make sure it is fortified with the latest in secure technology.