Slashdot Mirror


5 Million Gmail Passwords Leaked, Google Says No Evidence Of Compromise

kierny writes: After first appearing on multiple Russian cybercrime boards, a list of 5 million Google account usernames — which of course double as email usernames — is circulating via file-sharing sites. Experts say the information most likely didn't result from a hack of any given site, including Google, but was rather amassed over time, likely via a number of hacks of smaller sites, as well as via malware infections. Numerous commenters who have found their email addresses included in the list of exposed credentials say the included password appears to date from at least three years ago, if not longer. That means anyone who's changed their Google/Gmail password in the last three years is likely safe from account takeover.

6 of 203 comments

  1. OK by YrWrstNtmr · Score: 4, Interesting

    So where do we go to find the actual "list of exposed credentials" ?

    1. Re:OK by Anonymous Coward · Score: 2, Interesting

      some of the accounts are also on this 2012 list:

      https://dazzlepod.com/digitalplayground/?page=50

      I searched for a few, found some, couldn't find others - so this new list may be a compilation of other lists, or a continuation of the old one.

  2. 2 factor auth? by Anonymous Coward · Score: 2, Interesting

    Interesting how that seems pretty close to when Google enabled the 2 factor auth?

  3. Scary-ish by Torp · Score: 1, Interesting

    I was on this list and I had a unique (for me) password for the Google account. I've had the account since you had to beg for an invite to get in as well.

    --
    I apologize for the lack of a signature.

  4. Maybe a fraction of the actual list (and outdated) by John Bokma · Score: 4, Interesting

    I guess this is just a small fraction of the actual list, because such a list has a value and why just hand it out for free? Releasing a fraction and seeing people get upset because they are on the list, and it's actually their password, however, increases the value of the actual list. Even more so if the actual list is more recent.

  5. Am I the only one? by Russ1642 · Score: 4, Interesting

    A total surprise to me that my email address was on the list, and they had the current password. I changed that immediately and activated 2-factor authentication. So the next question is how did they get it? It's a unique string of random crap so it had to be intercepted rather than brute forced either with a malicious Android app or, more likely, I signed in on a compromised computer. Anyone have any ideas?