Were Your Google Credentials Leaked?

By September 12, 2014 Security News 31 Comments

Early on Tuesday, Google announced that a potential 5 million usernames and passwords associated with Gmail accounts have been leaked. It is unclear how many of them are current vs. outdated credentials. According to Google’s blog post“less than 2 percent of the username and password combinations might have worked.”

Visit our email look-up tool to see if your account was part of the leaked data.

We strongly suggest that you take this opportunity to change your Gmail account password and generate a new, strong password using LastPass. To protect our users, those who have reused their LastPass master password as their Gmail account password have been temporarily deactivated. For your security, note that it is very important to never use your LastPass master password for other logins.

If you’ve experienced trouble with your account, please contact LastPass Support so we may assist you in reactivating your account and creating a new, stronger master password.

Be Secure,


  • Anonymous says:

    I think the tool should be made “smart” and not require “@gmail.com”. It could allow typing another @domain but it should default to adding “@gmail.com” to whatever address is typed there ;-)

    • Amber Gott says:

      Only @gmail.com accounts were affected in this one but we continue to update our tools to stay up-to-date with other breaches and notify our users, the Security Challenge in the LastPass Icon > Tools menu offers a more comprehensive overview.

  • Anonymous says:

    Just a query how do you know that a user has reused their LastPass master password as their Gmail account password?

    Wouldn’t this mean you’d know our gmail passwords? I was forced to change my Lastpass password yesterday due to what I believe is this and I haven’t stored my gmail password in lastpass?

    I’m just confused by how you know if a user did in fact “Reuse their LastPass master password as their Gmail account password?”

    • Anonymous says:

      If you were using your gmail email as your LastPass login, they could know if the leaked password was able to be used to login to your account.

    • Anonymous says:

      See the response Amber wrote to the last poster: “We use a hashing system to perform this operation locally on your device, so that the “check” can be run securely and without transferring any data back to LastPass.”