Google plays down Gmail leak: Less than 2% of passwords currently valid

Google has responded to the news that a list of almost five million leaked Gmail addresses and passwords has appeared online via a Russian Bitcoin security forum.

It is believed that the information may have been stolen from other sites where a Gmail address is used to log in, as many users have confirmed that the passwords are old or had been reused on various sites.

Google has played down the leak by claiming that less than two per cent of the address-password pairs are currently valid for Gmail. While this may sound insignificant, it still means that approximately 100,000 Gmail users need to change their password immediately.

Google is sending out notifications to users affected by the leak, but a number of sites have also cropped up in its aftermath. IsLeaked is one of those sites, but others have cautioned that it may be a honeypot to collect email addresses. HaveIBeenPwned, another data breach site, will also inform users if their account has been compromised.

The search engine firm has stressed that it is always monitoring the web for large data leaks.

"We found that less than two per cent of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We've protected the affected accounts and have required those users to reset their passwords," it said in a blog post.

Users may well be concerned that future data breaches might be more difficult to identify, particularly if they are not posted to a public forum. However, Google has said that it constantly checks accounts for unusual activity and blocks sign-in attempts when necessary.

In the meantime, users affected by the recent data leak may well find themselves targeted by increased spam and should be extra vigilant against phishing attacks.