Earlier today, a huge number of Google account usernames and passwords were leaked onto the internet via a Russian Bitcoin security forum. This afternoon, Google has officially responded to concerns about the more than 4 million supposed login credentials, saying that none of the company’s systems were breached in order to obtain the data. Furthermore, the company says that it found that “less than 2% of the username and password combinations might have worked,” and that those who were affected have been notified.
We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords. It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems. Often, these credentials are obtained through a combination of other sources.
As is the case with many of these events, Google says, the leaked usernames and passwords were likely obtained through a variety of sources outside of Google. The Mountain View corporation went on to remind users how to keep themselves protected, including making sure to use different login credentials across different websites, updating your account recovery options, and making sure to use a strong password in the first place.