A database containing the account details of nearly 5 million Gmail users was posted to BitCoin Security, a popular Russian website devoted to the cryptocurrency.
The text file was published on Tuesday night by user tvskit and is still available for download at the time of publishing this article but it only contains the email addresses. The leaker claims that around 60% of the accounts are "still active" and the majority of those accounts speak English, Russian or Spanish. The passwords not only give access to Gmail, but also other Google services such as Drive and mobile payment system, Wallet on the compromised third party sites.
Svetlana Anurova, a Google representative, told CNews that the tech giant is aware of the leak and encouraged users to select a stronger password and enable two-step verification, a security measure where users are required to provide a passcode sent to their mobile devices before any changes can be made to their account.
Google issued the following statement to Fusion:
The security of our users' information is a top priority for us. We have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users secure their accounts.
You can check if your account was exposed by clicking here and entering your email address (although Neowin cannot verify the intentions of the email check site), and while you're at it, go enable two step authentication by following the steps here.
Update: It appears these account details were obtained through several poorly secured 3rd party websites, and not from Gmail or Google itself. Thanks to whoever reported this and posted the link.
The above clearly shows that different passwords should be used for different websites, and to never use the password for your Google account on some 3rd party website!