A Google spokesperson told CNET that it recently became aware of the industry-wide phishing scheme through which hackers gained user credentials for webmail accounts. Google responded immediately by forcing a password reset on the 500 or so affected users. The company is also prepared to reset the passwords of any other newly compromised accounts.
Some of the accounts exposed online are old or unused, but many are genuine. All of the companies involved are recommending that users promptly and routinely change their passwords and security questions, and to exercise extreme caution when opening unsolicited attachments and links.