, and

Google Login
We all like to think our accounts are secure, but every time we hear about a breach we all shudder a little. Well, overnight Time Magazine reported on leak of 4.93 million usernames and passwords, being posted on a Russian Bitcoin security forum late Tuesday.

While the forum where the leak occured, assured that at least 60% of the credentials leaked were in fact active and ready to be ‘used’, the reality is, that that was not the case. As usual, Google was onto the leak and advised that they were aware of the leak and reported on the legitimacy on their Online Security blog, where they said :

We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords.

Google were quick to point out that the leak was not the result of a breach of their security, but most likely a result of malware or phishing used to acquire the details :

It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems. Often, these credentials are obtained through a combination of other sources. For instance, if you reuse the same username and password across websites, and one of those websites gets hacked, your credentials could be used to log into the others. Or attackers can use malware or phishing schemes to capture login credentials.

To protect your Google account online, Google recommends using strong passwords – we recommend using something like LastPass with generated passwords – as well as using 2-Step Authentication.

If the Heart Bleed SSL bug didn’t make you switch over to a password manager with individual passwords for each site, perhaps this will.

Source: Google Online Security blogGoogle Online Security blog.
    6 Comments
    newest
    oldest most voted
    Inline Feedbacks
    View all comments
    Darren Ferguson
    Darren Ferguson
    6 years ago

    If you are worried you can download the whole list and see if you are in there. It was a 100mb txt file compressed down to 30mb. You’ll need something better than standard notepad to open it.

    I found a link to it from the slashdot article (near top in comments).

    Matt
    Matt
    6 years ago

    LastPass (or others) are the way to go.

    dazweeja
    dazweeja
    6 years ago

    I’m not sure it’s accurate to call them ‘Gmail logjn credentials’. They are login credentials where the username includes a Gmail address. That really has nothing to do with Gmail at all. If they stole these credentials from other sites – which seems to be the case – there’s no assurance that Gmail is even the service where these details are most likely to work. For me, if they have my details they most likely got them from a site where I used the password that I don’t care about. In which case, they can probably log into other sites… Read more »

    Andrew Palozzo
    6 years ago

    I login to my email for a few different places, so I need to know my password, but yeah, if you have anything important there, make sure you’re using 2 form factor authentication….

    MInds1973
    MInds1973
    Reply to  Andrew Palozzo
    6 years ago

    Start earning with G0ogle. Just w0rk f0r few hours and have m0re time with friends and family. I earn up to 500 per week. Its actually the easiest way 0f earning. Linked Here…started——huluwork.Com

    Daniel Narbett
    Daniel Narbett
    Reply to  MInds1973
    6 years ago

    Erhmagerd!