Good News! Five Million Gmail Passwords Leak - Update 3

12 Sep 2014 01:40

Much of the leaked information is old, but you should check yourself before Russian hackers wreck...yourself?

Update 3: Companies concerned about the leak have started emailing their users and customers. I've received security emails from both Zappos and Etsy, and both companies are cross-referencing their user emails against the leak list. In both cases, they are automatically resetting passwords for any user who pops up on both lists.

While there's been no evidence of a Google security breach, and the information on the list is old, it's hard to argue with big tech/eCommerce brands being proactive about user and site security.
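
The cross-referencing described above can be sketched as follows. This is an added example, not code from Zappos, Etsy or the article. The `email:password` line format, the PBKDF2 user store and every account and password in it are constructed assumptions. It goes one step beyond the update by also checking whether a leaked password is still the live one, so a site can tell a precautionary reset from an actually exposed account.

```python
import hashlib
import hmac

def normalize(email):
    """Canonical form: lower-case; Gmail ignores dots and +tags in the local part."""
    local, _, domain = email.strip().lower().rpartition("@")
    if domain in ("gmail.com", "googlemail.com"):
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"

def pw_hash(password, salt):
    # Stand-in for the site's real password hashing scheme (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def cross_reference(users, leak_lines):
    """Map each user found on the leak list to 'reset-exposed' when a leaked
    password still matches the stored hash, else 'reset-precaution'."""
    leaked = {}
    for line in leak_lines:
        email, sep, password = line.strip().partition(":")
        if sep and "@" in email:          # skip malformed lines
            leaked.setdefault(normalize(email), set()).add(password)
    actions = {}
    for email, (salt, stored) in users.items():
        candidates = leaked.get(normalize(email))
        if candidates is None:
            continue                      # not on the list: leave untouched
        live = any(hmac.compare_digest(pw_hash(p, salt), stored) for p in candidates)
        actions[email] = "reset-exposed" if live else "reset-precaution"
    return actions

# Constructed sample data: no real accounts or passwords.
SALT = b"demo-salt"
USERS = {
    "Jane.Doe@gmail.com": (SALT, pw_hash("new-long-passphrase", SALT)),
    "bob@example.com": (SALT, pw_hash("letmein99", SALT)),
    "carol@example.org": (SALT, pw_hash("another-secret", SALT)),
}
LEAK = [
    "janedoe+shop@gmail.com:old-password-2011",
    "bob@example.com:letmein99",
    "not a credential line",
    "dave@example.net:qwerty",
]

if __name__ == "__main__":
    for email, action in cross_reference(USERS, LEAK).items():
        print(email, action)
```

Both flagged accounts get a reset, as in the update; the label only tells the site which ones also warrant a review of recent logins.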

Update 2: Lifehacker has switched the email-checking tool in its post from IsLeaked to KnowEm, and we have done the same (see below). You should always use these kinds of tools at your own discretion, but KnowEm has been around for quite some time.

Update: Some sleuthing Redditors think the list isn't Gmail accounts and passwords, but rather Gmail accounts used to sign into other services, with passwords for those services. Either way, keep your security tight, folks!

Original Story: First, the bad news: The Daily Dot says that five million Google Gmail email addresses and their accompanying passwords were posted to a Russian Bitcoin forum called The leak also includes credentials for Yandex, a Russian search company.


Now, the good news! According to DD and Lifehacker, the posted information is old and probably outdated for most of the email addresses posted. Furthermore, both Google and Yandex say the information comes from "...years of phishing and hacking against individuals," meaning company systems were not penetrated in relation to the leak.

So what can you do to check yourself? First, head over to KnowEm, a tool (endorsed by Lifehacker) that you can plug your Gmail address into. The tool will tell you if the username is on the leak list. If it is, it will also post the first two characters of the associated password. I plugged my several Gmail addresses into the tool, and one was on the list. Thankfully, based on the password character display, the password on the list is one I stopped using on the account a long time ago.

But I can't blame you for being paranoid, so the two other steps you can take? Change your password (obviously), and make sure two-step authentication is active on all necessary accounts. Details on Google's 2-Step Verification can be found here.

Source: The Daily Dot
