5 Million Gmail Usernames and Passwords Compromised

Gmail Security Alert!


A number of reports indicate that up to 5 million Gmail usernames and passwords have been dumped on a Russian Bitcoin forum. According to PC World, a good deal of these credentials have been confirmed to be in active use; however, many of the username/password combinations are up to 3 years old. There is also strong evidence that the leaked passwords may actually just be passwords to other websites, where Gmail addresses were just used as usernames.

As yet, Google has not found evidence of any compromise of its systems, and most reports indicate that the information was collected elsewhere.

What does this mean for you?

Besides being another “hacker headline” you may just wish to causally dismiss, this latest breach is yet another reminder that passwords are not perfect. It may also mean that it is time to change your Gmail password, just to be on the safe side. As an additional precaution, you can also enable two-factor authentication on your Gmail account. Google provides information on this security measure here, along with instructions on how to set it up. Spoiler alert: click on your avatar when logged into Gmail (top-right corner), click Account, click the Security tab in your Google+ profile, find 2-Step Verification under Password, and then click Settings.

Also: watch out for fake “email integrity” check sites. These are sites that offer to check whether your email address has been hacked, and while many of them may be legitimate, others can actually be phishing sites setup by hackers, in order to collect email addresses to spam advertisements or malware.

For more information, you can also check out some of the articles listed below:

Have a nice (malware-free) day!

  • Legend

    Any consumer who have an economic loss or identitheft due to any data breach, caused bye a vendor who have stored sensitive personal information form its consumers, should be held economically responsible, and cover any loss that the data breach has inflicted. The burden of proof should always lie with the the provider of the service. That should give a motivation to use more resources on better overall security. Centralized customer database is too easy to break by spear fishing, that we see almost on weekly basis.

    • Good point when you can prove severe negligence, but I don’t think that this would work with general data breaches.

      • Legend

        I think you’re right Sebaztian . Just a footnote if i may. It’s somehow still alarming that the “Two-factor authentication” who has existed for some time now, and even though it is not the golden solution,…. then there is still a lot of users who don’t use that security feature at all ,(and a lot of vendors who dont offer that… ) to enhanced their protection. ( maybe the industry has to rethink a new ” password ” strategy/policy). The user has of course, also a responsibility. =)

        • Yes, definitely. Two-factor authentication is something many people still don’t use and are still not aware of, although it could already prevent a lot of account “hacks”.

  • Anesidora

    I think you are both correct, however… So far the sites are asking for information (such as a phone number) which I NEVER give out. There are precious few who have my phone number or my home address (despite IP nomenclature) and all others can simply go fish.
    A better method needs to be devised as close personal information is something I do not hand over lightly.

    • Being cautious and reluctant when it comes to sharing personal contact information is a good strategy. When you look back, just at this year’s security breaches at some of the bigger, well known companies, it seems like somehow parts of our info must have leaked already somewhere. Additionally, there’s probably lots of unconfirmed sharing of basic customer information like phone numbers and addresses between marketing departments of other companies happening on an ongoing basis …

  • BenDarrenBach

    To be a legend you would need to correct your grammatical errors!

    • Legend

      BenDarrenBach… English is far from my native tongue. And yes my syntax it’s properly far from perfect. But you can only improve yourself, by digging into it. And regarding the name “Legend”, then it refers to another story, …a quite funny story actually. So the name Legend is not equal to a oversized ego. =D thanks for your feedback.

      • Simone Jamilla

        Some folks just can’t help themselves Legend! I myself, found your comments very helpful. Thanking you! :)

        • Legend

          Thanks for your kind words, ” Simone Jamilla” =)

  • Doski

    Google denies Breach ! WOW. Just like Micro$oft and Govt., deny, deny, Deny and DENY some more. Nothing surprising there either.

    • I guess when things go wrong, companies look very carefully at the definition of words like “breach” and how to present their cases in light of these definitions