A list of almost five million email usernames and passwords was published on a Russian cryptocurrency website late Tuesday, many of which belonged to users of Gmail and its Russian equivalent, Yandex.
User “tvskit” of the Russian Bitcoin security forum btcsec.com published information for 4,930,000 email logins on the site, claiming 60 percent of the passwords provided were valid, according to a Daily Dot report. Soon afterward, website administrators removed the file and redacted the exposed passwords.
Business Insider reports that after getting a look at the list, forum users stated the exposed passwords were some 10 years outdated, and that numerous other posted accounts had been deactivated for years.
“The password that I generally use for other services is shown in this list and not my gmail password,” a Reddit user wrote in reference to the leak and was cited by Mashable. “This proves that the hackers hacked into some other service where gmail address (or other email addresses) are used and got the password of that service not gmail password.”
“The password it shows (or at least the first two characters) is NOT from a password I’ve ever used on Gmail,” another Redditor wrote. “[B]ut it does match a password I’ve used on bullsh*t I absolutely don’t care about.”
Though passwords for Gmail and other email accounts appear to be safe, it looks as if the hacker(s) may have intercepted passwords for other sites such as friendster, filedropper, xtube and freebiejeebies, according to the report.
Google and Yandex spokespersons told CNews the list was complied from years-old lists of previously compromised email accounts, and that no new accounts had been leaked or exposed.
Users can go here to check if their email was included on the list or otherwise compromised.