After Apple's high profile iCloud fiasco, Google is the latest cybercrime victim with Russian hackers posting usernames and passwords of close to five million Google accounts online.
The list was posted on bitcoin forum btcsec.com by a user called Tvskit. The user claimed that about 60% of the passwords are still active.
The same Google account password is used across all Google products like Gmail, YouTube, Hangouts, Drive and Maps.
Acknowledging the leak in a blog post, Google said it had found that "less than 2% of the username and password combinations might have worked."
It further said that Google's automated anti-hijacking systems would have blocked many of those login attempts.
"We have protected the affected accounts and have required those users to reset their passwords," it said.
Last week, nude images of celebrities were leaked from Apple's cloud service. Google maintained that the leaked usernames and passwords were not the result of a breach of Google systems.
"Often, these credentials are obtained through a combination of other sources," it said.
Cautioning users, Google said they should ensure they use a strong password unique to Google and update recovery options, so that they can get the information on e-mail or phone in case they get locked out of their account. "And consider 2-step verification, which adds an extra layer of security to your account," it said.