If you are a user of Gmail, now might be a good time to change your password.
The passwords and email addresses for close to 5 million Gmail accounts have been posted to a Russian Bitcoin forum in the form of a text file. While forum admins were quick to remove any and all passwords from the file, there is no doubt some accounts are now compromised.
A Google representative told the Russian media that the majority of the passwords featured in the text file are old, or used for accounts that have been suspended. The original poster of the file, going by the name tvskit, claims more than 60 percent of the passwords work.
Aside from Google, thousands of login credentials for Russia's largest search engine, Yandex, were also included in the leak.
The security breach looks like it is a list of login credentials acquired over a long period of time through phishing and hacking of individual accounts, as opposed to wide-scale breach of system security. Both Google and Yandex say their systems were never compromised.
Still, it never hurts to be safe. If you want to check and see if your account may have been compromised, you can use this site. Even if your email isn't compromised, it is always a good idea to regularly change your password and enable two-step authentication.
This latest leak is just the latest breach in security to come from a Russian source. In early August The New York Times reported a Russian crime ring had assembled a similar list of more than 1.2 billion user name and password combinations, with more than 420,000 websites reportedly affected.
The high-profile Target hack also came from a Russian source and saw more than 40 million credit card numbers stolen alongside 70 million addresses, phone numbers and other personal data. Those same hackers may also be responsible for a similar hack targeting Home Depot. There is currently no word on the extent of the hack, but the company says that those who have used a credit or debit card in the store since April may be at risk.
Let this serve as a friendly reminder to all: don't click strange links, don't answer foreign emails and be sure to change your password regularly. It doesn't look like these kinds of attacks against websites and businesses will be going away anytime soon.