Gmail credentials leaked online?
Oh my God! Again I have to change my password…!! Yes, you heard right. Millions
of Gmail account credentials (email address and password) have been stolen and
made publicly available through an online forum, causing a large number of
users worldwide to change their Gmail password again.
The website that published the
email addresses with matching passwords is Russian. The credentials seem to be
old and likely sourced from multiple data breaches. It is believed that the
leaked passwords are not necessarily those used to access Gmail accounts, but
seem to have been gathered from other websites where users used their Gmail
addresses to register.
5 MILLION GMAIL CREDENTIALS LEAKED ONLINE
The news broke when a user posted a link to the log-in credentials on Reddit,
which is frequented by hackers, professional and aspiring. But the archive file
containing nearly 5 million Gmail addresses and plain text passwords was posted
on a Russian Bitcoin security forum known as btcsec.com on Tuesday night by a
user with the online alias “tvskit”, according to C News, a Russian news outlet.
The user who exposed Gmail users’ credentials said that the almost 4.93 million
accounts allegedly affected belong to English, Russian and Spanish users, and
claimed that over 60 percent of the accounts are active.
This means there is a silver lining in this leak: 40 percent of the passwords
are invalid or out of date, which could be good news for those Gmail users who
have recently changed their passwords and are concerned about their account’s
security – there’s a chance that they’re not at risk at all.
"We can't confirm that it is
indeed as much as 60 percent, but a great amount of the leaked data is
legitimate," said Peter Kruse, the chief technology officer of CSIS
Security Group.
GOOGLE SAYS NO SECURITY BREACH
Google, for its part, believes that the usernames and passwords didn’t come
from a security breach of its systems. That means the credentials had been
stolen through phishing campaigns and unauthorized access to user accounts.
"It’s important to note that in this case and in others, the leaked usernames
and passwords were not the result of a breach of Google systems," Google, which
operates the Gmail email service, explained in a post on its online security
blog. "Often, these credentials are obtained through a combination of other
sources."
"We found that less than 2% of the username and password
combinations might have worked, and our automated anti-hijacking systems would
have blocked many of those login attempts. We've protected the affected
accounts and have required those users to reset their passwords."
The leaked passwords give access not only to users’ Gmail accounts, but to
other Google services as well, including Google Drive and the mobile payment
system Google Wallet.
CHECK IF YOU ARE AFFECTED
A website called isleaked.com
allows users to check if their email address is among those leaked. People who
are concerned about the security of their account are advised to go ahead and
change their password.
I already have Google two-factor authentication (2FA) enabled and recommend
you do the same for Google and other accounts. Many web services, including
Gmail, Facebook, Twitter, Dropbox, GitHub and AWS, offer a 2FA option, a
security measure where users are required to provide a passcode sent to their
mobile devices before any changes can be made to their account. This would
prevent an attacker from logging in without access to a user’s smartphone.