Five Million Gmail Passwords Leaked

Google admitted that as many as Five Million Gmail Passwords Leaked online, but denied that this was the result of an attack against the company.

The full list of login details was leaked on a Russian forum, with the Gmail addresses and purported passwords posted together. However, Google said that many of the passwords were either inaccurate or outdated, saying the list may have been culled from attacks against other sites where Gmail addresses are used as the login name. Still, to be on the safe side, Google reset passwords for all affected accounts.

“One of the unfortunate realities of the internet today is a phenomenon known in security circles as ‘credential dumps’ - the posting of lists of usernames and passwords on the web,” Google stated in a post on its Online Security Blog.

Google advises users to protect their passwords using two-step verification 

‘We’re always monitoring for these dumps so we can respond quickly to protect our users. This week, we identified several lists claiming to contain Google and other Internet providers’ credentials.

‘We found that less than two per cent of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts.”

How will it affect you?

If your email was one of the addresses on the list, Google has already reset your login, so there’s no need to worry. However, if you use that same password on other sites, you should change your login details for those sites, too. That may seem onerous, but it’s especially important for your email account: if someone can access that, they can use it to reset all your other login details, so make sure you choose a solid password for Gmail and other email.

Google advises users to turn on its two-factor authentication system, which adds an extra layer of security by sending a one time code to your mobile for logging in when you access an account from a new device. It’s worth taking Google up on that offer. You can check if your address was leaked at isleaked.com.

What do we think? 

Such incidents are a stark reminder that cyber criminals are actively targeting all of us online. However, modern web services such as Gmail do plenty to protect users and we should all take up Google’s extra layers of security, such as two-step verification, to make it harder for criminals to get an easier pay day.