Watch out celebrities, 5m Gmail accounts have been hacked

Usernames and passwords for the popular email service have been dumped online, prompting further security fears

Jennifer Lawrence is probably hoping that she doesn’t have a Google account. Just a couple of weeks after her nude photos, along with those of other celebrities, were leaked online after iCloud accounts were hacked, five million Gmail usernames and passwords have been posted on the Bitcoin Security forum.

While we don’t have any details of celebrities being affected, according to the user who posted the account details, up to 60 per cent of them are valid. As well as the immediate threat to people’s Gmail accounts, which would also give access to other Google services, including Google Plus Photos (which Android backs up to automatically) and Drive, there is a wider security implication.

Many websites require you to register with your email address and password. Given that many people use the same password all over the internet, this latest breach potentially gives hackers access to a much wider range of sites and information. A good example is iCloud, which requires an email address and password to get access (see how to delete photos and videos from iCloud).

Of course, with access to a user’s email account, it’s a trivial process on some sites to request a password reset, with the confirmation being sent to the registered email address.

Google has been quick to play down the threat, stating in a security blog post that less than two per cent of username and password combinations might have worked. It also said that it constantly monitors for these ‘password dumps’ and its anti-hijacking systems would have prevented many login attempts.

Even so, Google recommends using a strong password (capital and lower-case letters, punctuation and numbers) and turning on two-factor authentication, which requires a code generated by your phone to log in as well as your password. Our guide on how to use Google 2-step verification will show you how.

If you’re worried that your Google account may have been hacked, you can check by going to and entering your email address. This site will check if your account was on the list or not. It allows you to use up to three asterisks instead of real letters, to hide your email address if you’re worried about further privacy breaches, but the site promises not to store any data entered.