5 Million Gmail Usernames, Passwords Hacked
Nearly five million usernames and passwords associated with Google Gmail accounts were hacked and leaked Tuesday on a Russian Bitcoin security forum.
According to a Tweet from Peter Kruse, a Danish cybersecurity expert, the data likely originated from a number of data breaches not just one. Most of the passwords were more than three years old, he added.
Even though the information appears to be outdated, security experts recommend that people regularly update their passwords in the event of such breaches. They also suggest that Gmail users take advantage of the two-factor authentication system, which offers an added layer of security.
Google: ‘No Evidence of Compromise’
Gmail and other Google services have been the target of numerous hacking attacks in recent weeks and months. We reached out to Google to learn more about this latest incident.
“The security of our users’ information is a top priority for us,” a Google spokesperson said. “We have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users secure their accounts.”
Other recent high-profile hacking incidents include a malware attack on Salesforce.com users, a security breach on JPMorgan Chase’s computer systems, the publication of nude photos stolen from a number of celebrities’ iCloud accounts, and payments-related security breaches at Home Depot, Goodwill and Target.
In the wake of Tuesday’s leak, many news sites recommended that Gmail users check IsLeaked.com to see whether their personal information was among the data that had been hacked. By midday Wednesday, the IsLeaked.com Web site was unavailable, presumably overloaded with visitors attempting to check their account information.
Like other tech companies, Google must play a non-stop game of cat-and-mouse to stay ahead of spam, hacks and other security breaches. After rolling out support for non-Latin characters in Gmail last month, for example, Google announced it would begin rejecting emails with combinations of letters determined to be suspicious under the Unicode Consortium’s “Highly Restricted” specifications.
According to Google insiders, there are no indications that Google’s internal systems were broken into or otherwise illicitly accessed in this latest data leak. Instead, such breaches are often the result of someone stealing usernames and passwords from malware-infected computers. That would explain why the list published Tuesday appears to have been pulled together from a number of older lists that had been assembled over time.