You should change your Gmail password. A list of almost five million usernames and passwords for Gmail have been leaked on a Russian forum, putting millions of people at risk for having their Google accounts compromised. This could affect not just your Google accounts, but all of your other accounts and information that could be tied to your Gmail address. Seriously, this could be a big deal. Go change your password.
A lot of the compromised accounts are old, have been suspended, or have old passwords listed, but you should still check. You can plug your email address into this site to see if you are on the list of leaked usernames. The list contains Russian, English, and Spanish Gmail users. Google representatives confirmed that the list is one that has been built over years of phishing attacks, and other hacking and social engineering methods. Google’s servers are safe; nothing has been compromised on their end.
You should be changing your passwords on a regular basis, not just for your Google account but for any and all of your online accounts. A lot of these types of breaches are made worse because users tend to create weak passwords and then use the same weak password for all of their accounts. If you have the same password for your Gmail account and your bank account, for example, it’s not a difficult process for a nefarious party to discover and then access your bank account. This breach is potentially even scarier because password resets generally only require your email address.
This is the perfect time to not only change your passwords, but to also turn on two-factor authentication everywhere you can. You would also be wise to invest in a password manager like 1Password or LastPass. I personally use LastPass. It’s perfect for desktop and mobile use. The Chrome extension and Android app make it really easy to manage strong passwords across devices. The premium version is only $12 per year. I figure that $1 per month is well worth my safety and peace of mind.