5 million Gmail addresses, passwords posted to Russian website

LOS ANGELES (KABC) -- A Russian website has published the addresses to more than 5 million Gmail accounts along with a list of passwords. While most of the passwords don't necessarily correspond to the Gmail accounts, experts say that security breaches are a constant threat.

"This is what's going on all the time behind the scenes," said Dr. Clifford Neuman, a professor at USC.

Neuman heads the university's Center for Computer Systems Security. He says many hackers sell and trade stolen passwords.

"It is believed this data was collected over quite a number of years. These aren't necessarily current user names and passwords, though for individuals who haven't changed their passwords in three years or two years or however long, they may still be active," Neuman said.

This most recent incident came to light Wednesday morning, after a Russian website that specializes in Bitcoin posted the list of passwords and Gmail accounts. Google says its system was not hacked. Instead it's possible the list of passwords were fraudulent or obtained from phishing sites.

While the authenticity of the information on the Russian site is questionable, Neuman says this should serve as a reminder that passwords need to be updated.

"If it is a password that you are using on a regular basis, change it every few months, for example. That way if a list comes out a year from now of passwords that were stolen a year ago, yours will not be on that list," he said.

Experts recommend that we change our passwords several times a year, and that we use different passwords for different accounts.

Several A-list celebrities, including Jennifer Lawrence, have had private photographs stolen from their cloud storage accounts. Neuman says hackers will continue to target sensitive information, so long as they see a vulnerability.

"Once the data is out there, especially if it's on the cloud, it can be picked up by others," he said.