Millions of Gmail users are being advised to change their passwords after hackers stole and published a database containing the logins and passwords of nearly 5 Mn Google accounts.
As per reports, the data for 4.93 Mn Google accounts of English-, Spanish- and Russian-speaking users was leaked and published on a Russian-language Bitcoin security online forum. About 60% of the accounts were active, claimed tvskit, the forum user who published the file.
The leak came to notice when a user posted a link to the log-in credentials on Reddit, frequented by hackers, professional and aspiring.
You can check whether your email credentials are leaked or not here.
“We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords,” said Google.
“Some [credentials] have been confirmed to be three years old and some [are] suspected to be even older,” says electronic-crime specialist Peter Kruse at CSIS Security Group in Copenhagen, Denmark.
Thus, any Google users whose details were compromised might not be at risk of account takeovers, in case they have changed their passwords in the last three years.
However, Google said it does not believe that this is the result of any sort of security breach on its end.
“It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems. Often, these credentials are obtained through a combination of other sources,” said Google.
For instance, if you reuse the same username and password across websites, and one of those websites gets hacked, your credentials could be used to log into the others. Or attackers can use malware or phishing schemes to capture login credentials.
The source of the leak is still unknown as of now.
A few final tips: Make sure you’re using a strong password unique to Google. Update your recovery options so we can reach you by phone or email if you get locked out of your account. And consider 2-step verification, which adds an extra layer of security to your account.
The news comes just a few days after over 4.6 Mn Mail.ru accounts and over 1.25 Mn Yandex e-mail boxes were also compromised. Their information was also published on the Bitcoin Security forum.