Follow the advice from “The Hitchhiker’s Guide to the Galaxy”: Don’t Panic!
Over 5 million Gmail addresses and passwords were posted on a Russian Bitcoin forum on Tuesday. But security experts are now reporting that the vast majority of the passwords are either old or don’t appear to belong to actual Gmail accounts. Many of the passwords appear to have been taken from less secure websites where Gmail addresses were used as usernames.
For example, someone signed up for a website with the username “myaddress@gmail.com” and the password “mypassword.” The list makes it look like “mypassword” is the password for the Gmail account itself. However, the user’s actual Gmail password might be completely different.
Matteo Flora, a computer security expert, reviewed the dumped file and found that around 60 email addresses were in his address book. After he alerted those people, 30 of them told him that the password either was never used for their Gmail accounts or was very old. Thousands of accounts might not even be valid. Several Reddit users also confirmed that they found their email addresses in the leak, but that the associated password had never been their Gmail password.
Both Flora and some Reddit users have noticed that some email addresses are followed by a “+” sign and the name of a website. This might indicate which websites have been compromised. Some of the sites that have been identified this way include friendster, filedropper, xtube and freebiejeebies.
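The plus-tag observation above can be turned into a quick triage script. This is an added example, not code from the article or from Flora: it tallies the site names found after the “+” and checks whether an address appears in any tagged form. The `address:password` line layout and all sample lines are assumptions constructed for illustration; the dot and googlemail.com handling reflects how Gmail treats addresses and is not something the article discusses.

```python
from collections import Counter

# Constructed sample lines, not taken from the real dump. The "address:password"
# layout is an assumption; the article does not describe the file format.
SAMPLE_DUMP = """\
alice.example+friendster@gmail.com:constructed-pw-1
bob.example@gmail.com:constructed-pw-2
Carol.Example+filedropper@gmail.com:constructed-pw-3
dave.example+friendster@googlemail.com:constructed-pw-4
not-an-address-line
"""
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def split_address(address):
    """Return (canonical_address, plus_tag or None) for one e-mail address."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    base, _, tag = local.partition("+")
    if domain in GMAIL_DOMAINS:
        # Gmail ignores dots in the local part; googlemail.com is an alias.
        base = base.replace(".", "")
        domain = "gmail.com"
    return f"{base}@{domain}", (tag or None)


def parse_dump(text):
    """Yield (canonical_address, plus_tag) per usable line, skipping malformed ones."""
    for line in text.splitlines():
        try:
            yield split_address(line.split(":", 1)[0])
        except ValueError:
            continue


def tally_sources(text):
    """Count plus-tags, i.e. the site names users embedded when signing up."""
    return Counter(tag for _, tag in parse_dump(text) if tag)


def is_listed(my_address, text):
    """True if my_address, in any plus-tagged or dotted form, appears in the dump."""
    mine, _ = split_address(my_address)
    return any(addr == mine for addr, _ in parse_dump(text))


if __name__ == "__main__":
    print(tally_sources(SAMPLE_DUMP).most_common(), is_listed("aliceexample@gmail.com", SAMPLE_DUMP))
```

A tag only shows where the address was originally given out, so a high count for one site name is a lead on the source of the credentials, not proof of a breach there.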
Even if this dump is simply a collection of old passwords belonging to minor sites, the issue is always the same: password reuse. If you tend to reuse your passwords, check this website to see if your Gmail address is on the list.
If it is, change your passwords, and choose long ones that combine special characters and numbers. Password managers can help you keep track of your accounts. “And stop being silly and use the same password for everything,” Flora said. Also, as usual, enable two-factor authentication on services that provide it, including Gmail. That way those accounts are more secure, even in the event that someone steals your password.
Oh, and don’t freak out.