Google has played down reports that 5 million Gmail accounts were recently hacked following a breach of its security systems.
Earlier this week, a list purporting to contain users' email addresses and passwords, which have since been removed, was uploaded to a Russian forum.
In a post on Google's security blog, the search giant wrote that the supposedly leaked credentials were the result of "credential dumps" - rather than a breach of its systems.
Credential dumps contain usernames and passwords acquired from other compromised websites, or as the result of phishing attacks. Because people tend to use the same login details across multiple sites, there's a chance that hackers could log into other services using the same information.
According to Google, "less than 2% of the username and password combinations might have worked," adding that "our automated anti-hijacing systems would have blocked many of those login attempts."
Google has reset compromised accounts and notified their owners, who will have to change their password when logging in. If you haven't been notified and still feel paranoid, now's as good time as ever to pick that new passphrase.
The company has advised users to review their security options, including using a strong, unique password, updating recovery options and considering 2-step verification to increase security strength.