5 Million Gmail Passwords Leaked
5 million Gmail password may have leaked to a Russian Bitcoin forum. What should you do to protect yourself?
Nearly 5 million usernames and passwords appeared to have been published on a Russian Bitcoin forum.
Much of the information is old and potentially out-of-date, Google representatives told Russian media, so the so-called “leak” may be more accurately described as a collection of phished and hacked credentials collected over years. In fact, many of the accounts have long been suspended or are matched with very old passwords.
The database of usernames and passwords, which was first reported by CNews, was posted on Tuesday evening to btcsec.com, a Russian-language Bitcoin security forum. The publisher, named tvskit, posted the following screenshot of the database, claiming that over 60 percent of the passwords were valid and working
—By Patrick Howell O’Neill for The Daily Dot | September 10, 2014
What should you do?
Update from Leo Notenboom(9/12/2014):
Leo Notenboom recommends a site to see if your Gmail account is at risk.
I trust this one: https://lastpass.com/gmail/
Gmail Hacked? Not Quite, Says Google (but Change Your Password)
Reports early Wednesday of millions of Gmail addresses and passwords being leaked had users of the popular email Web app understandably alarmed — but Google says the danger has been greatly exaggerated. “We found that less than 2% of the username and password combinations might have worked,” the company wrote in a blog post, “and our automated anti-hijacking systems would have blocked many of those login attempts.”
The post also explained that the “dump” of emails and passwords wasn’t from any kind of leak in Gmail itself, but was likely harvested from “other sources” over time — smaller hacked sites, for instance, or malware on users’ own computers. Since many people reuse emails and passwords on other sites, such lists can be used by hackers to gain unauthorized access. If you might have been affected by the leak, Google should have already alerted you, locking down your account and requiring a password change. But if you’ve been meaning to change it anyway, there’s no time like the present — better safe than sorry.