A data file containing 4,929,090 Gmail accounts and passwords has been dumped on the Forum of Bitcoin Security, a Russian website covering cryptocurrency news and analysis.
Google says that the data wasn't hacked from their side. Instead, it is believed that the information was stolen from other sites and/or aggregated from successful phishing attacks.
The accounts belong to English, Russian and Spanish speaking users. According to commentary in the forum, 60% of the credentials still work. Many though are considered to be several years old and no longer in use.
Google recommends users to change their passwords and enable two-step verification. Some have sought to downplay the issue, arguing that the total number of records is only 1% of the some 500 million Gmail accounts in use.
This comes days after 4.6 million Mail.ru accounts and 1.25 million Yandex email inboxes were also compromised, with data uploaded to the same forum.
The past 6 weeks have witnessed a noticeable increase in online security incidents, both in the Bitcoin world and elsewhere. Russian hackers are believed to be behind a massive data breach at JPMorgan. Home Depot and Apple's iCloud also experienced major attacks.
This week, hackers allegedly broke into Satoshi Nakamoto 's personal e-mail, although much remains to be verified. The saga is still ongoing.