Shier pointed out that if hackers get usernames and passwords that people use on multiple sites, they could gain access to various aspects of a user's life. "If you use the same password for Facebook and your banking account, that could just lead to trouble," he said. "They could lock you out of your own account or they could steal your identity."
What should Gmail users do now?
Security experts generally agree that this would be a good time for users to change Gmail passwords and to use strong passwords (that means upper and lower case letters, numbers and punctuation marks). And don't use the same passwords for every Website and application. Two-step authentication, if it's an option, also adds an extra layer of security.
Google also advised people to update their recovery options so the company can reach them by phone or email if they're locked out of their accounts. Gmail users can go to this page for a list of Google's security controls.
"Don't panic," said Shier. "If you change your passwords and make sure your passwords are complex and you don't reuse them, you should be in good shape."
Sign up for CIO Asia eNewsletters.