Check if your online passwords have been compromised

A large dump of nearly 5 million usernames and passwords claiming to be from Gmail accounts has been posted online. Whilst the origin of the breach remains unclear, the breached credentials were confirmed by multiple sources as correct, albeit a number of years old. Some people who checked the list and found their Gmail addresses there reported that it contained an old password for them, and often a password that they had reused on multiple sites.

There’s speculation that the addresses may hay been stolen from other sites where people used their Gmail address as a log-in. Google itself says that less than 2% of the leaked address-password pairs were current for Gmail. That sounds small but it means nearly 100,000 people need to change their Gmail passwords ASAP. If you’re one of them, Google should have already notified you.

The popular Haveibeenpwned site, run by well-known software architect and Microsoft MVP Troy Hunt – which lets visitors check if their username or email address (NOT password) have appeared in any data breaches – has been updated to reflect this latest data dump.

It’s worth checking if your details were included in any data breach by using the Haveibeenpwned site. If you’re affected, it would be a good idea to update your passwords if you haven’t changed them in a while.