Friday , October 20 2017

Nearly 5 Million Gmail login credentials were leaked – less than 2% were valid

Google Login
We all like to think our accounts are secure, but every time we hear about a breach we all shudder a little. Well, overnight Time Magazine reported on leak of 4.93 million usernames and passwords, being posted on a Russian Bitcoin security forum late Tuesday.

While the forum where the leak occured, assured that at least 60% of the credentials leaked were in fact active and ready to be ‘used’, the reality is, that that was not the case. As usual, Google was onto the leak and advised that they were aware of the leak and reported on the legitimacy on their Online Security blog, where they said :

We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords.

Google were quick to point out that the leak was not the result of a breach of their security, but most likely a result of malware or phishing used to acquire the details :

It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems. Often, these credentials are obtained through a combination of other sources. For instance, if you reuse the same username and password across websites, and one of those websites gets hacked, your credentials could be used to log into the others. Or attackers can use malware or phishing schemes to capture login credentials.

To protect your Google account online, Google recommends using strong passwords – we recommend using something like LastPass with generated passwords – as well as using 2-Step Authentication.

If the Heart Bleed SSL bug didn’t make you switch over to a password manager with individual passwords for each site, perhaps this will.

 
Source: Google Online Security blog, and Google Online Security blog.

Daniel Tyson   Editor

Dan is a die-hard Android fan. Some might even call him a lunatic. He's been an Android user since Android was a thing, and if there's a phone that's run Android, chances are he owns it (his Nexus collection is second-to-none) or has used it.

Dan's dedication to Ausdroid is without question, and he has represented us at some of the biggest international events in our industry including Google I/O, Mobile World Congress, CES and IFA.

Join the Ausdroid Conversation

6 Comments on "Nearly 5 Million Gmail login credentials were leaked – less than 2% were valid"

avatar
Sort by:   newest | oldest | most voted
Member
Darren

If you are worried you can download the whole list and see if you are in there. It was a 100mb txt file compressed down to 30mb. You’ll need something better than standard notepad to open it.

I found a link to it from the slashdot article (near top in comments).

Member
Matt

LastPass (or others) are the way to go.

Member
I’m not sure it’s accurate to call them ‘Gmail logjn credentials’. They are login credentials where the username includes a Gmail address. That really has nothing to do with Gmail at all. If they stole these credentials from other sites – which seems to be the case – there’s no assurance that Gmail is even the service where these details are most likely to work. For me, if they have my details they most likely got them from a site where I used the password that I don’t care about. In which case, they can probably log into other sites… Read more »
Andrew Palozzo
Valued Guest

I login to my email for a few different places, so I need to know my password, but yeah, if you have anything important there, make sure you’re using 2 form factor authentication….

MInds1973
Valued Guest
MInds1973

Start earning with G0ogle. Just w0rk f0r few hours and have m0re time with friends and family. I earn up to 500 per week. Its actually the easiest way 0f earning. Linked Here…started——huluwork.Com

Daniel Narbett
Valued Guest
Daniel Narbett

Erhmagerd!

wpDiscuz

Check Also

The surreal sequel to Monument Valley will launch on November 6th.

It’s been more than three years since we were first introduced to Princess Ida and …