This applies to everyone, not just Gmail users. A researcher at Hold Security bought 272 million stolen passwords on the dark web. Some of the credentials were for Gmail. This is not Google’s fault. Whether you use Gmail or not, everyone, if they haven’t already, needs to enable two step login. Then it is very unlikely that an attacker can compromise your account, even if they discover your username and password.
Visit two factor auth dot org (no spaces) for a list of services that already permit you to choose two step login. Each site will walk you through the process.
Google calls their service 2 step verification. Google that phrase to find instructions on Google’s site.
Forward this to everyone who you care about so that they can be more cyber-secure too.