Apparently 5 million usernames and passwords to Gmail accounts have been leaked on a Russian Bitcoin Security forum. Some sources claim that the leaked information is quite old, meaning the accounts were hacked a while ago. Some claim over 60% of the accounts leaked are still valid.
The leaked information gives access to Gmail and other Google services.
The Google leak surfaced a day after six million Mail.ru account details were reportedly stolen.
To check whether your password has been leaked, enter your Gmail address into this online tool, which also checks Yandex and Mail.ru addresses against leaks. You may have problems loading the website at the moment, as it is understandably getting a high load of traffic.
[Update] There has been plenty of feedback regarding the authenticity of the IsLeaked.com site. As reported by The Blaze, blogger James Watt discovered that the site domain was registered a day before the big Google account leaks happened (9 September). The creators of IsLeaked.com, who identify themselves only as “a small team of IT specialists”, discovered the big leak from Russian provider Mail.ru before the Gmail leak.
If you’re still unsure about the credibility of IsLeaked.com, you may want to try haveibeenpwned.com instead, created by Troy Hunt, a Microsoft Most Valuable Professional awardee for Developer Security and a blogger at troyhunt.com. Hunt is also an international speaker on web security and the author of many top-rating security courses for web developers. haveibeenpwned.com is a free resource to quickly assess if your online account has been compromised in a data breach.
Google went on record on their blog to say that less than 2% of the usernames and passwords were actually valid. It also said that its “anti-hijacking systems would have blocked many of those login attempts.” The search giant also stated that the leak was not the result of a breach of its own system.
On a personal note, a quick check against my email address revealed that it was indeed leaked and ‘pwned’ on two occasions – the much publicised leak at Adobe in October 2013 and of course the recent Gmail leak. The information, however, is at least several years old, and my password has since been changed several times.
As a precaution, you should change your password, and make sure you turn on 2-step verification.