Good News! Five Million Gmail Passwords Leak - Update 3

Much of the leaked information is old, but you should check yourself before Russian hackers wreck...yourself?

Update 3: Companies concerned about the leak have started emailing their users and customers. I've received security emails from both Zappos and Etsy, and both companies are cross-referencing their user emails against the leak list. In both cases, they are automatically resetting passwords for any user who pops up on both lists.

While there's been no evidence of a Google security breach, and the information on the list is old, it's hard to argue with big tech/eCommerce brands being proactive about user and site security.

Update 2: Lifehacker has switched the email-checking tool in its post from IsLeaked to KnowEm, and we have done the same (see below). You should always use these kinds of tools at your own discretion, but KnowEm has been around for quite some time.

Update: Some sleuthing Redditors think the list isn't Gmail accounts and passwords, but rather Gmail accounts used to sign into other services, with passwords for those services. Either way, keep your security tight, folks!

Original Story: First, the bad news: The Daily Dot says that five million Google Gmail email addresses and their accompanying passwords were posted to a Russian Bitcoin forum called btcsec.com. The leak also includes credentials for Yandex, a Russian search company.

SECURITY CODE RED. NOBODY PANIC. WHY ARE YOU PANICKING?

Now, the good news! According to DD and Lifehacker, the posted information is old and probably outdated for most of the email addresses posted. Furthermore, both Google and Yandex say the information comes from "...years of phishing and hacking against individuals," meaning company systems were not penetrated in relation to the leak.

So what can you do to check yourself? First, head over to KnowEm, a tool (endorsed by Lifehacker) that you can plug your Gmail address into. The tool will tell you if the username is on the leak list. If it is, it will also post the first two characters of the associated password. I plugged my several Gmail addresses into the tool, and one was on the list. Thankfully, based on the password character display, the password on the list is one I stopped using on the account a long time ago.

But I can't blame you for being paranoid, so the two other steps you can take? Change your password (obviously), and make sure two-step authentication is active on all necessary accounts. Details on Google's 2-Step Verification can be found here.

Source: The Daily Dot

This leak seems to be -really- old. I ran mine and my partner's email through the tool and his came up with his old password that was last used six years ago. Mine isn't even on there and I'm going to presume it's because my gmail isn't as old as his.

Yeah, I checked to see if mine was, but looks like it wasn't leaked. Then again, I've changed my password for my accounts every 90 days, so that's probably why. :P

The link you posted to check leaked status is giving a 502 error, FYI.

Agayek:
The link you posted to check leaked status is giving a 502 error, FYI.

Site is getting slammed from the press today, try it again in a few minutes.

As for the old info? I feel like The Escapist readership is largely smart enough to change passwords regularly. So while this is still an interesting/important story, I'd be shocked to see any of you all post saying your Gmail account was compromised.

-Devin Connors
Tech Editor, Password Protector

blackrave:

Devin Connors:

Good News Everyone! Five Million Gmail Passwords have been Leaked

Fixed it for you, free of charge :D

That... it's such a small change but it's now perfect. :D

I changed my G-mail password pretty recently after the Ebay debacle. I tend to rotate out passwords anyway, especially on vital things like email, so I try not to worry.

That is pretty long ago yes but for those that don't change their passwords once in a while. I suggest to three times a year change your much used passwords. Or at least once a year.

The hardest thing here is how my tablet seems to lack an "underscore" sign. But with a Bluetooth keyboard I can get my passwords on my tablet.

"666999" is on the list, lol!
Yeah, use a password manager and random passwords for all accounts, folks.
That gets brute forced in literally microseconds. :S

Kenjitsuka:
"666999" is on the list, lol!
Yeah, use a password manager and random passwords for all accounts, folks.
That gets brute forced in literally microseconds. :S

image

Says it all really. I love XKCD. It's so applicable in every situation.

Good for fucking them. All they are gonna see from me is junk mail, ads and rejected jobs letters.

"Sorry we will not be able to put through your application form as you have been unsuccessful. Please keep checking our website for more vacancies"

Good luck reading that a million times you pathetic piece of hacking human SCU... sorry about that.

blackrave:

Devin Connors:

Good News Everyone! Five Million Gmail Passwords have been Leaked

Fixed it for you, free of charge :D

I changed my headline accordingly! Haha. Such things can happen now that our headline isn't tied to the URL.

-Devin Connors
Tech Editor, Headline Perfectionist

And now for the interesting question: how exactly did they do it?

Checked all three of my main gmail accounts and none of them are listed. So that's good XD

I always end up changing my password every few months on most sites anyway, also not surprised it's Russians again, I love how they contribute to the world by being destructive, brutish and rude.

Call generalizations all you want but history and current events are telling me otherwise.

I don't want to change my password. Have fun sorting through my e-mail, hackers.

All clean on my end, but I'll be spreading the word around and changing my password just to be safe.

My email didn't make the cut, thankfully considering it's my android account too. I sometimes wonder how people can fall for perishing scams though, some people really need to go back to school.

Found mine, but it's an old one. I will say that this appears to be a hack, not just something pulled from other websites, as it was a password that I only ever used on gmail.

none of my gmail addresses are on the list and I use a password manager which randomly generates a unique password every time I change it. Plus I am usually very good at spotting a phishing attempt

I just checked my Gmail, and nothing. Based on other responses here, this is a pretty old leak and my Gmail account is fairly new, so I probably have little to worry about.

Yay.

Devin Connors:
First, head over to IsLeaked, a tool that you can plug your Gmail address into.

Please remove the link to IsLeaked. Lifehacker has revoked their endorsement after finding out that it had been registered 2 days before the leak went public.

Lifehacker.com:
Note: We've removed the link to the password checker tool due to some controversy surrounding it. Your best bet is to just change all of your passwords right now. If you really want to use the tool, there are plenty of links to it on other sites.

Alas, I only clicked on the lifehacker link after I "tested" my mails.

They had me. Fortunately it was an old password.

whoot, not on it :D

course >.> I don't really do shit with my Gmail account .....

If you're on this list, you've been phished and should be ashamed of yourself.

I'm safe, but have an old account, so I was probably in danger of it anyway.

Is it me or are the Russians out of control lately? I mean everything you see that's compromised was from Russians (not all but a lot of main stories).

Aeryn Seoung:
This leak seems to be -really- old. I ran mine and my partner's email through the tool and his came up with his old password that was last used six years ago. Mine isn't even on there and I'm going to presume it's because my gmail isn't as old as his.

I'm glad I read this post, because I had an older gmail account I'd forgotten about. It wasn't listed, but if it had been I would have liked to know.

I am not sure how passwords can leak, considering they usually don't hold liquids inside them.

Silly headlines aside, I checked and my email is not on the list, as to be expected as I don't get phished. But now they know my email, so that's a nice trick you got there.

XenoScifi:
Is it me or are the Russians out of control lately? I mean everything you see that's compromised was from Russians (not all but a lot of main stories).

Erm no, it's just that we're finally starting to report on that stuff. They were "out of control" since internet was available. It's a culture thing.

Agayek:
image

Says it all really. I love XKCD. It's so applicable in every situation.

Hmm, gonna keep this in mind.

OT: All clear. Made my heart jump for a second however. Should probably do a thorough sweep through my old emails one of these days.

Thanks for the heads up. Mine wasn't on the list, and I doubt they would have had my current password, because I changed that back when the whole heartbleed thing happened.

Well, they've got a several year old GMail password of mine (circa 2004-2005 or so). Though, I suppose that's why some accessed another account of mine that used my email as a username and that particular password (I use that same password as my password for throwaways and things I don't care too much about these days).

Sewa_Yunga:

Devin Connors:
First, head over to IsLeaked, a tool that you can plug your Gmail address into.

Please remove the link to IsLeaked. Lifehacker has revoked their endorsement after finding out that it had been registered 2 days before the leak went public.

Lifehacker.com:
Note: We've removed the link to the password checker tool due to some controversy surrounding it. Your best bet is to just change all of your passwords right now. If you really want to use the tool, there are plenty of links to it on other sites.

Alas, I only clicked on the lifehacker link after I "tested" my mails.

I don't think you're in any danger from using that first IsLeaked link. All it did was search text for an email address that would have already been on the list. That said, I did re-link to KnowEm, which is a known, reputable security firm.

-Devin Connors
Tech Editor

The leaked list is really old. My email was on there, but the password it had is over a year old.

Strazdas:
I am not sure how passwords can leak, considering they usually don't hold liquids inside them.

Silly headlines aside, I checked and my email is not on the list, as to be expected as I don't get phished. But now they know my email, so that's a nice trick you got there.

XenoScifi:
Is it me or are the Russians out of control lately? I mean everything you see that's compromised was from Russians (not all but a lot of main stories).

Erm no, it's just that we're finally starting to report on that stuff. They were "out of control" since internet was available. It's a culture thing.

leak
lēk/
verb
verb: leak; 3rd person present: leaks; past tense: leaked; past participle: leaked; gerund or present participle: leaking

1.
(of a container or covering) accidentally lose or admit contents, especially liquid or gas, through a hole or crack.
"the roof leaked"
synonyms: seep (out), escape, ooze (out), secrete, bleed, emanate, issue, drip, dribble, drain; More
discharge, exude
"oil leaking from the tanker"
(of liquid, gas, etc.) pass in or out through a hole or crack by accident.
"water kept leaking in"
2.
(of secret information) become known.
"the news leaked out"

Because each word has one UND PRECISCELY VON meaning... Sorry but that was just calling to be pointed out.

OT: All clear on my end, phew! Even though I do change my password yearly so from what I gather I would have been ok.
