Thursday , December 13 2018 Ausdroid » Software » Apps, Games & Google Services » Nearly 5 Million Gmail login credentials were leaked – less than 2% were valid

Google Login
We all like to think our accounts are secure, but every time we hear about a breach we all shudder a little. Well, overnight Time Magazine reported on leak of 4.93 million usernames and passwords, being posted on a Russian Bitcoin security forum late Tuesday.

While the forum where the leak occured, assured that at least 60% of the credentials leaked were in fact active and ready to be ‘used’, the reality is, that that was not the case. As usual, Google was onto the leak and advised that they were aware of the leak and reported on the legitimacy on their Online Security blog, where they said :

We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords.

Google were quick to point out that the leak was not the result of a breach of their security, but most likely a result of malware or phishing used to acquire the details :

It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems. Often, these credentials are obtained through a combination of other sources. For instance, if you reuse the same username and password across websites, and one of those websites gets hacked, your credentials could be used to log into the others. Or attackers can use malware or phishing schemes to capture login credentials.

To protect your Google account online, Google recommends using strong passwords – we recommend using something like LastPass with generated passwords – as well as using 2-Step Authentication.

If the Heart Bleed SSL bug didn’t make you switch over to a password manager with individual passwords for each site, perhaps this will.

Source: Google Online Security blog, and Google Online Security blog.

Daniel Tyson   Ausdroid's Editor in Chief

Dan is a die-hard Android fan. Some might even call him a lunatic. He's been an Android user since Android was a thing, and if there's a phone that's run Android, chances are he owns it (his Nexus collection is second-to-none) or has used it.

Dan's dedication to Ausdroid is without question, and he has represented us at some of the biggest international events in our industry including Google I/O, Mobile World Congress, CES and IFA.

6
Join the Ausdroid Conversation

avatar
4 Comment threads
2 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
6 Comment authors
Darren FergusonDaniel NarbettMattdazweejaMInds1973 Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
Darren
Ausdroid Reader
Darren

If you are worried you can download the whole list and see if you are in there. It was a 100mb txt file compressed down to 30mb. You’ll need something better than standard notepad to open it.

I found a link to it from the slashdot article (near top in comments).

Matt
Ausdroid Reader
Matt

LastPass (or others) are the way to go.

dazweeja
Ausdroid Reader

I’m not sure it’s accurate to call them ‘Gmail logjn credentials’. They are login credentials where the username includes a Gmail address. That really has nothing to do with Gmail at all. If they stole these credentials from other sites – which seems to be the case – there’s no assurance that Gmail is even the service where these details are most likely to work. For me, if they have my details they most likely got them from a site where I used the password that I don’t care about. In which case, they can probably log into other sites… Read more »

Andrew Palozzo
Guest

I login to my email for a few different places, so I need to know my password, but yeah, if you have anything important there, make sure you’re using 2 form factor authentication….

MInds1973
Guest
MInds1973

Start earning with G0ogle. Just w0rk f0r few hours and have m0re time with friends and family. I earn up to 500 per week. Its actually the easiest way 0f earning. Linked Here…started——huluwork.Com

Daniel Narbett
Guest
Daniel Narbett

Erhmagerd!

Check Also

Transformers fans can become Bumblebee with this new Augmented Reality helmet from Hasbro

With the latest Transformers movie, Bumblebee arriving in cinemas this week, the obvious toy merchandise …