It is still unclear how anyone obtained the vast collection of usernames and passwords. Google says its servers were not breached. The list appears to be a collection of passwords exposed in previous hacks — likely on users’ own computers, not Google’s systems.
“We have no evidence that our systems have been compromised,” said Google (GOOGL, Tech30)spokeswoman Caroline Matthews.
In fact, there’s no telling yet whether the list is even authentic, the company said.
Related: Home Depot confirms months-long hack
However, Google has locked out anyone whose email account was included in the leak. The company is directing them to this Google site to reset their password and regain access to their account.
It’s also advising them to take steps to further protect their Gmail accounts, such as creating a stronger password and using an extra security feature called two-step authentication.
And if you haven’t heard from Google and you’re still worried? In an upcoming blog post, Google will direct users to another website so they can check if their email addresses are listed.
Source: CNN Money