Five million Gmail users that had their passwords leaked?
Google have admitted that up to five million Gmail passwords and address have been leaked online, but they are denying this was a direct attack on the company its self.
The leaked list of login details were leaked on a Russian forum, the Gmail address along with passwords were supposedly posted together. Google have said that most of the passwords were out-dated or incorrect and the list could have been made from an attack on another site were Gmail address were uses as logins. Google did reset the passwords for all affected accounts just to be on the safe side.
Google have said on their online Security Blog that “One of the unfortunate realities of the internet today is a phenomenon know in security circles as ‘credential dumps’ (the posting of usernames and passwords on the web).
“We are always monitoring for these dumps so we can respond quickly to protect our users. This week, we identified several list claiming to contain Google and other Internet providers credentials.”
“We found that less than 2% of the usernames and passwords combination would have worked, our automated anti-hijacking system would have blocked most of the login attempts.”
So how does this affect you?
If you were one of the unlucky ones that did have your Address and password on the list, Google have already rest your password, so there is no need to worry. If you used the same password for other sites you might want to change it, this is especially important for your email account: because if someone can access your email account they can use that to reset all other login details, so please always make sure you have a good strong password for your Gmail or any other emaill accounts you use.
Google have also advised that all useres should turn on the two-step authentication system, this will add an extra layer of security by sending a one time code to your mobile number when you access the account from a new device. Its worth setting up for the extra protection. If you want to check and see if your address was leacked please go to isleaked.
What do I think?
These sorts of incidents are a big reminder that cybercriminals are actively targeting all of us. Modern web services like Gmail do their best to try and protect us; all of us should use Google’s extra security and make it as hard as possible for the criminals.
I think it’s a good thing that Google has taken the time to explain the incident in great detail as this has helped to take some of the hysteria out off the incident, and helps to show “hacks” are not always as bad as they are claimed to be.