Currently, no one knows how the email accounts and passwords were obtained, but some persons claim that the email accounts and passwords may have been obtained from websites that allow their users to register or sign-up with their Gmail accounts.
It was also suggested that the stolen Gmail accounts and passwords may have been obtained from the victims of phishing scams and people whose computers were infected with spywares, Trojan horse, and other malware.
So, to be on the safe side, we recommend that all Gmail users change their passwords immediately. Click here to change your Gmail or Google password.
We also recommend using the Google 2-Step verification process, which will make your Gmail account more secure, because it will prevent someone from gaining access to it, even if that person is able to get a hold of the password.
Using complex passwords or passwords that are not easily guessed, will also help protect your online accounts.
Update: Google has posted information about the password dump or leak
One of the unfortunate realities of the Internet today is a phenomenon known in security circles as “credential dumps”—the posting of lists of usernames and passwords on the web. We’re always monitoring for these dumps so we can respond quickly to protect our users. This week, we identified several lists claiming to contain Google and other Internet providers’ credentials.
We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords.
It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems. Often, these credentials are obtained through a combination of other sources...
Click here for more information.
For more information about the Google 2-Step verification process, please click here.