Nearly 5 Million Google Account Passwords Reportedly Leaked

Nearly 5 Million Google Account Passwords Reportedly Leaked
A stash of roughly 5 million usernames and passwords of Google accounts (including Gmail, Google+) was reported to have been found on a Russian forum for Bitcoin security on Wednesday, before being removed. The leak is said to follow similar ones for Mail.ru and Yandex, the Russian email and search giants respectively.

CNews reports (via Daily Dot) Google representatives responded to local media saying most of the username and password combinations were either old or matched suspended accounts.

Google recommends users change their passwords, and also enable 2-step verification to ensure no misuse. The Google account credentials stash was posted on btsec.com by user tvskit, who claimed 60 percent of the passwords were still valid.

The same Bitcoin security forum has been the host of the Mail.ru and Yandex username and password leaks over the past few days, published in the form of text files, just like with the Google leak. The three leaks are said to contain credentials of English, Russian and Spanish-speaking users.

Notably, Google and Yandex say there is no evidence of a recent hack on their own systems, and that the credentials appear to have been collected over years through phishing and hacking attacks.

Mail.ru reportedly saw 4.66 million username and password combinations leaked on Tuesday, and Yandex 1.26 million on Monday. Apart from changing their passwords, users can also check if their Google, Mail.ru, and Yandex passwords are among those leaked, with the help of a search tool. Note, the tool may be temporarily inaccessible due to high traffic.

Update: Google has responded with a written statement on its Online Security blog, saying, "We found that less than 2 percent of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We've protected the affected accounts and have required those users to reset their passwords."

Apart from reiterating that the leak was not the result of a breach of its systems, the company had prefaced the blog post saying, "One of the unfortunate realities of the Internet today is a phenomenon known in security circles as 'credential dumps' - the posting of lists of usernames and passwords on the web. We're always monitoring for these dumps so we can respond quickly to protect our users. This week, we identified several lists claiming to contain Google and other Internet providers' credentials."

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Intel's New Reference Design Comes With Promise of Android Updates Within 2 Weeks
Release of iPhone 6 Delayed in China

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com