5 Million Gmail Usernames and Passwords Compromised
Gmail Security Alert!
A number of reports indicate that up to 5 million Gmail usernames and passwords have been dumped on a Russian Bitcoin forum. According to PC World, a good deal of these credentials have been confirmed to be in active use; however, many of the username/password combinations are up to 3 years old. There is also strong evidence that the leaked passwords may actually just be passwords to other websites, where Gmail addresses were just used as usernames.
As yet, Google has not found evidence of any compromise of its systems, and most reports indicate that the information was collected elsewhere.
What does this mean for you?
Besides being another “hacker headline” you may just wish to causally dismiss, this latest breach is yet another reminder that passwords are not perfect. It may also mean that it is time to change your Gmail password, just to be on the safe side. As an additional precaution, you can also enable two-factor authentication on your Gmail account. Google provides information on this security measure here, along with instructions on how to set it up. Spoiler alert: click on your avatar when logged into Gmail (top-right corner), click Account, click the Security tab in your Google+ profile, find 2-Step Verification under Password, and then click Settings.
Also: watch out for fake “email integrity” check sites. These are sites that offer to check whether your email address has been hacked, and while many of them may be legitimate, others can actually be phishing sites setup by hackers, in order to collect email addresses to spam advertisements or malware.
For more information, you can also check out some of the articles listed below:
- Five Million Gmail addresses and passwords dumped online, PC World
- Nearly 5 Million Google Passwords leaked on Russian Site, Time.com
- 5 Million Gmail Usernames, Passwords Hacked And Posted To Russian Bitcoin Forum: Report, International Business Times
Have a nice (malware-free) day!
Malware Alert: Dyre steals Salesforce login credentials, and doesn't even call you back