So consensus seems to be this set of leaks is "old news" stuff that's previously been out in the wild.
For the sake of the family (here and California-wise), I've checked all our Gmail addies and they come up as clean.
That said, occasionally changing Google passwords is not a bad idea.
Originally shared by +Les Jenkins:
Well shit.
5 Million Gmail Passwords Leaked, Check Yours Now
According to the Daily Dot, nearly 5 million usernames and passwords to Gmail accounts have been leaked on a Russian Bitcoin forum. Here’s what you should know.
99 view(s)
I like Diego's analysis here:
https://blog.flameeyes.eu/2014/09/how-to-analyze-a-dump-of-usernames
Also; I cannot recommend https://www.google.com/landing/2step/ strongly enough. It's not intrusive (you only really need to enter an SMS code once a month, or when you log in from a new device), and it dramatically improves the security of your account.
Please (please please) do it now.
+Colm Buckley I keep looking at that, and each time something odd crops up in how our local machines are configured that makes me back off. I think it's pretty important for a variety of reasons, so I'll work through the exercise again.
Not having 2-factor authentication is like running an antivirus program but not having a firewall.
other reports are saying that these passwords are not actually gmail passwords, but come from other websites.
+Charles Carrigan indeed. Diego's analysis also says that.
The latest from Google is that these appear to be compilations of previously gathered passwords, from phishing attempts or the like. Their testing has shown a low percentage of still-current pairings.
Still, though. Two-factor makes it orders of magnitude less likely that any future hacking or phishing will affect you. I can't stress my recommendation any harder.