Sign in to your account by typing the address for the log-in page manually, or by using a link you've saved yourself, not after linking to a login-page provided by someone else (such as a link in an e-mail you've received). This step might have thwarted the recent hacker attacks.
In this case, hackers didn't actually worm their way into a Google's database of users. Instead, the perpetrators seem to have lured people to a fake website that looked close enough to an actual log-in page for Gmail to trick users into typing in their passwords.