5 million Gmail adresses and passwords dumped online

11 September 2014

Bitterwallet - Gmail phishing attack Nearly 5 million Gmail addresses and plain text passwords was posted on a forum this week, which is a massive pain in the arse for someone - probably the person who has to answer questions at Google about security breaches and the like.

Someone called 'tvskit' posted the archive file on a Bitcoin security forum called btcsec.com, which you can imagine, is a riotous read and will keep you entertained for literally seconds. They reckon that over 60% of the credentials in the file are valid.

"We can’t confirm that it is indeed as much as 60%, but a great amount of the leaked data is legitimate,” said Peter Kruse, the chief technology officer of CSIS Security Group. "We believe the data doesn't originate from Google directly. Instead it’s likely it comes from various sources that have been compromised."

What that means is, Google haven't been hacked, but rather, accounts on other sites where people have used their Gmail addresses as the user name have been obtained.

Google said: "The security of our users is of paramount importance to us. We have no evidence that our systems have been compromised, but whenever we become aware that an account has been compromised, we take steps to help our users secure their accounts."

In conclusion, here's the usual 'you might want to change your password on sites where you've used your Gmail address as a user name' advice.

TOPICS:   Technology   Privacy

What do you think?

Connect with Facebook, Twitter, or just enter your email to sign in and comment.

Your comment