
Just read this:-

 

Millions of Gmail users are being advised to change their passwords after a database with usernames and passwords was hacked and exposed on an internet site.

Hackers revealed nearly 5 million Gmail account details and passwords on Bitcoin Security – a popular Russian website devoted to cryptocurrency.

The leak became known after a user posted a link to the log-in credentials on Reddit frequented by hackers, professional and aspiring.

Read more: http://www.dailymail.co.uk/new...e.html#ixzz3DIM33pfL


Courtesy of Arizona University and Slate

 

Your Gmail Probably Wasn't Hacked. But That Doesn't Mean You're Safe.

  Less than 2 percent of the stolen passwords actually worked for active Gmail accounts, Google says.

Screenshot / Google Security Blog

Several tech blogs on Wednesday reported that hackers have leaked some 5 million stolen Gmail passwords to a Russian forum. That’s not quite right.

 
 Will Oremus

Will Oremus is Slate's senior technology writer.

What’s true is that hackers appear to have leaked some 5 million stolen passwords to a Russian forum, each with an associated Gmail address. That might sound like the same thing, but it isn’t. While the emails are clearly Gmail addresses, the passwords could be passwords for anything, and they may or may not be current.

For example, in theory, some could be passwords stolen from a service like LinkedIn or eHarmony in a notable hack two years ago—passwords that happened to be linked to people’s Gmail addresses, but were not necessarily the same ones those people actually used to log in to Gmail. In that case, it would be inaccurate to call them Gmail passwords.

In fact, Google told me Wednesday afternoon that it responded to the leak by quickly checking all of the stolen credentials to see if they actually worked as Gmail account logins. It found that only 1 to 2 percent worked for the service. And the company responded by immediately securing those accounts and prompting their owners to change their passwords. Finally, Google reported that its own systems were not breached in any way.

Google has also just published a blog post reiterating these points. If Google is right, then virtually no one’s Gmail account should be vulnerable at this point. Still, the company has rolled out a new feature called Account Checkup, which you can use to quickly make sure no one suspicious has logged into your account lately. It will also prompt you to update your password recovery information and check what other apps you’ve given access to your account. You can find the tool here.

It's your non-Gmail accounts that you need to worry about now.

The most likely hypothesis I’ve heard is that they’re actually passwords cobbled together from all sorts of hacked sites across the Web over the years. Perhaps some industrious hacker assembled such a master list and then filtered it down to a list of only those in which the username happened to be a Gmail address. This would fit with the news that hackers have recently leaked similar lists for users of the Russian email services Yandex and Mail.Ru. I wouldn’t be surprised if we soon see a list of stolen passwords that correspond only to Yahoo Mail accounts, or to Hotmail accounts.

So if anything, it might be your other accounts that you need to worry about most in the wake of the latest password dump. If your email address and a password are floating around on hacker forums right now, it’s a good bet that someone somewhere will be trying to plug those credentials into a wide range of popular websites, just on the off chance that they’ll work.

The best steps you could take in response, then, are the same basic steps that everyone always recommends you take:

  1. Make sure your passwords are strong.
  2. Make sure you’re using a different one (even if only by one or two characters) for every important site.
  3. For the very most important ones, like your primary email account, your bank, and maybe your Dropbox or iCloud, make sure you’re changing them on a semi-regular basis—and that you have two-factor verification enabled. That way, even if hackers get your password, they won’t be able to log in to your account without access to your phone.

I know, I know: Managing passwords is a hassle. But so is having your identity stolen—or your naked selfies.


Future Tense is a partnership of Slate, New America, and Arizona State University.

Mount Olympus *Olly*
Originally Posted by Pengy:

I changed it anyway but couldn't do the dog's because I can't remember his password and they want you to remember when you started the account before you can change it

So there's a hacker out there whose name is Fido, whose favourite food is Boneo and whose favorite activities are digging holes and chasing cats!

Extremely Fluffy Fluffy Thing
Originally Posted by Extremely Fluffy Fluffy Thing:
Originally Posted by Pengy:

I changed it anyway but couldn't do the dog's because I can't remember his password and they want you to remember when you started the account before you can change it

So there's a hacker out there whose name is Fido, whose favourite food is Boneo and whose favorite activities are digging holes and chasing cats!

 

the dog has an FB account so he can be a neighbour for a game I play 

FM
