Definitely not Gmail passwords, or at least not passwords leaked from Google themselves. I have an account on there that I only use for spam and signing up for sites that require an email address, but it lists a junk password that has never been used with that account on Google itself. It's been used with that email address on many sites, but not Google.
It seems this list is either curated to only include Gmail address scraped from some other site or they tried combining an email and a passwords list together.
Checked on the linked website (https://isleaked.com/en.php) for my junk gmail account.
It didn't have the right first letters for my gmail password, but it is a match for some forums I've been using. Perhaps this is where the info comes from?
The problem with such lists is that plenty of people will use the same password they used on website 'x' with their gmail account. So don't be surprised if a whole pile of these actually will work with the listed gmail address.
Me too. My password is in the dataset, but it's one I've never used with my Google account. It's my "low-security" password that I use on sites that I don't really care about.
Canary is still chewing through the dataset I fed it and figuring out where they all relate (if at all), but so far it seems that some of the data is as old as January 2014. This is likely not from Gmail itself but perhaps a collection of other leaks.
Interestingly I have one hit for my gmail on isleaked.
Looking at that link I see freebiejeebies, which if I check in keepass I created an account for in 2008 with a unique password (as I tended to back then, even for throwaways).
Sure enough the first two characters match that reported by isleaked (Though case doesn't match..)
Having gone through the majority of the other entries in keepass, that is the only password starting with the two reported characters.
So can safely say freebiejeebies was compromised at some point.
Now to work out why I'd have an account on there in the first place ;)
I think it's the relation between upvotes/comments and also maybe many were upvoting from the submission page (which triggers vote ring detection or something, read about that somewhere)
It seems this list is either curated to only include Gmail address scraped from some other site or they tried combining an email and a passwords list together.