A text file containing 5 million Gmail usernames and passwords has been leaked online, possibly leaving users vulnerable to data breaches.

A forum poster that goes by the name of "tvtskit" posted the file on an online forum claiming that around 60 percent of the passwords were valid. However, the passwords were quickly redacted by forum administrators and the file removed.

"We can't confirm that it is indeed as much as 60 percent, but a great amount of the leaked data is legitimate," said Peter Kruse, chief technology officer of CSIS Security Group. "We believe the data doesn't originate from Google directly. Instead, it's likely it comes from various sources that have been compromised."

What this means is that Google itself was not hacked, but rather other websites in which users have used their Gmail addresses as usernames have been hacked. The data appears to be as much as three years old and is likely a compilation from smaller hacks rather than one massive hack.

The exact number of addresses that were leaked is 4,930,000 and CSIS has confirmed that a number of the email address and password combinations were never used on Google accounts themselves, further reinforcing the idea that they come from other sources.

"The security of our users is of paramount importance to us," said a spokesperson for Google. "We have no evidence that our systems have been compromised, but whenever we become aware that an account has been compromised, we take steps to help our users secure their accounts."

Along with email addresses from Google accounts, the list also included accounts from Yandex, a Russian search engine. The leaked emails and passwords allegedly come from English, Russian and Spanish-speaking nations.

Luckily for users, there is a way to check if an email address is on the list. A website called "isleaked.com" has been created, allowing users to type in their email address and see if it is on the list. If users feel uncomfortable entering their email address on a website that they do not know, they can replace three characters with *'s, and the website will show a list of possible email addresses. The website is in Russian, but Google Translate can be used to get an approximate translation.

Representatives from both Google and Yandex have said that the list of email addresses was created from previous leaks and that no new hacks had taken place.

Even if a user finds out that their account was not compromised, it is still a good idea to change passwords every now and then.

ⓒ 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.