Slashdot Mirror

← Back to Stories (view on slashdot.org)

5 Million Gmail Passwords Leaked, Google Says No Evidence Of Compromise

Posted by samzenpus on from the big-list dept.

kierny writes After first appearing on multiple Russian cybercrime boards, a list of 5 million Google account usernames — which of course double as email usernames — are circulating via file-sharing sites. Experts say the information most likely didn't result from a hack of any given site, including Google, but was rather amassed over time, likely via a number of hacks of smaller sites, as well as via malware infections. Numerous commenters who have found their email addresses included in the list of exposed credentials say the included password appears to date from at least three years ago, if not longer. That means anyone who's changed their Google/Gmail password in the last three years is likely safe from account takeover.

107 of 203 comments (clear)

  1. OK by YrWrstNtmr · · Score: 4, Interesting

    So where do we go to find the actual "list of exposed credentials" ?

    1. Re:OK by Anonymous Coward · · Score: 5, Informative

      https://mega.co.nz/#!6hYWVIyI!vrrDuv3s3ZbMiobnv0sYFdIOsudQ44-oDobLInq00ls

      just the usernames, not the passwords.

    2. Re:OK by TACD · · Score: 5, Informative

      The list of email addresses (without passwords) is at https://mega.co.nz/#!rgFDDRSD!...

      --
      Security through promiscuity is no better than security through obscurity.
    3. Re:OK by Anonymous Coward · · Score: 5, Informative

      I'm not sure where the list is available, but you can check if you are on the list here

    4. Re:OK by DoofusOfDeath · · Score: 1

      Thanks. Just discovered that I'm on it. Damn.

    5. Re:OK by Richy_T · · Score: 5, Funny

      Maybe someone should just do a courtesy mass-mailing based on the list.

    6. Re:OK by PIBM · · Score: 1

      I'm on it, but I need to know which password was hacked. That would provide me a lot of info on what happened.

    7. Re:OK by peragrin · · Score: 1

      Next question is what about those with two factor authentication?

      My pass word is the same from both before and after but I have two factor authentication token as well

      --
      i thought once I was found, but it was only a dream.
    8. Re:OK by Anonymous Coward · · Score: 2, Interesting

      some of the accounts are also on this 2012 list:

      https://dazzlepod.com/digitalplayground/?page=50

      i searched for a few, found some, couldn't find others - so this new list may be a compilation of other lists, or a continuation of the old one.

    9. Re:OK by 2fuf · · Score: 2

      hunter7

    10. Re:OK by PIBM · · Score: 2

      Really ?? I don't even remember using that password somewhere, and I confirm I never used that on well known and large site.

      Thank you BTW

    11. Re:OK by stonecutter2 · · Score: 1

      Thanks, thought the exact same thing...

    12. Re:OK by Anonymous Coward · · Score: 2, Informative

      One of my accounts is listed, but the password is really old (6+ years) according to the hint from https://isleaked.com/en.php

    13. Re:OK by ShaunC · · Score: 1

      Preferably in as few messages with as many envelope recipients as possible. There would be epic fallout from all the Re: Re: REMOVE ME FROM THIS LIST.

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    14. Re:OK by Anonymous Coward · · Score: 1

      Did you check that they have her gmail password, or was it grabbed somewhere else?

      Top thread on Reddit's discussion talks about that - seems like passwords in there come from all kinds of places, like Dreamhost, Blizzard, Filedropper, ...

    15. Re:OK by alexhs · · Score: 1

      FYI, 2fuf was joking.

      --
      I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
    16. Re: OK by Anonymous Coward · · Score: 5, Funny

      With typing skills like that how the fuck do you ever type your password correctly? :)

    17. Re:OK by Tablizer · · Score: 1

      Maybe someone should just do a courtesy mass-mailing based on the list.

      A Nigerian prince has already completed that task. I just hope he also mails me my loan back.

      --
      Table-ized A.I.
    18. Re:OK by PIBM · · Score: 1

      indeed, the 7 caught me offguard. I've managed to grab it and the password I had used match web based games I didn't care about (required signup for flash tests). Still nothing related to gmail directly.

    19. Re:OK by Mashiki · · Score: 2

      This account(and the publicly facing email address) is on the list new list, but not the old one. Except that the password listed is over 2 years old, feel free to look. So it makes me wonder where the pass was pulled from, if someone wants to try and figure it out that should be interesting. The only other places I've logged in from with this email address were in Florida via Brighthouse , and Nothern Alberta via bell wifi(rockethub). I have three other email addresses that I use, but none of them are on the list. But I've used this account and others on the same machines.

      That makes me believe that some data was pulled, but it may be old--or compiled from elsewhere.

      --
      Om, nomnomnom...
    20. Re:OK by Mashiki · · Score: 2

      Oh and I should toss in that this email address is/was only used on three sites. DSLReports, PWE(since moved to another account roughly 1 year ago), and Slashdot. But none of these sites used the same password as the email address.

      --
      Om, nomnomnom...
    21. Re:OK by Anonymous Coward · · Score: 1

      you mean hunter2 ?

      all i can see is *s

    22. Re: OK by solidraven · · Score: 1

      Same story, it's a joke password I've been using for the past 8 years or so for sites I don't trust or throw away accounts.

    23. Re:OK by Anonymous Coward · · Score: 1

      This is all bullshit. The list is over 10 years old and less than 2% is even actionable

    24. Re:OK by Anonymous Coward · · Score: 1

      My username is tacoman and my password is mrburrito

      Can someone tell me if I'm on the list?

    25. Re:OK by MrHanky · · Score: 1

      Unless you've used the same password for gmail as for whichever site has been hacked, it shouldn't matter. I found my gmail address, but the password had never been used at Google. The problem is if you've reused the password on a bunch of sites where your email address can be used as login.

    26. Re:OK by Anonymous Coward · · Score: 1

      Filthy casual!

      $ tar zxf google_5000000.txt.tar.gz

    27. Re:OK by Mike+Frett · · Score: 1

      My account is leaked also but I was one of the first to get a Gmail account and it's an extremely common word. People use mine as their Spam email and it's a big hassle. The password listed for mine is nowhere close to any of mine. So whoever is using my email are the ones in trouble.

    28. Re:OK by doccus · · Score: 1

      What a wonderful site! Didn't know about it...Thank you!

    29. Re:OK by Dextrously · · Score: 1

      I have an email address on there from an account that I canceled in November of 2012. The credentials that they do have for that account were never valid for logging in to that gmail account. Rather, those credentials were something I used on crappy sites which I didn't trust enough to put a decent password on.

      *shrugs* This list is definitely not pulled from Google, or they would have the correct password for that account.

    30. Re:OK by coinreturn · · Score: 1

      Unless you've used the same password for gmail as for whichever site has been hacked, it shouldn't matter. I found my gmail address, but the password had never been used at Google. The problem is if you've reused the password on a bunch of sites where your email address can be used as login.

      Same here. My email address, but a password I use for throwaway sites that I don't care about accessing.

  2. 2 factor auth? by Anonymous Coward · · Score: 2, Interesting

    Interesting how that seems pretty close to when google enabled the 2 factor auth?

  3. Apple needs to be held accountable... by frnic · · Score: 4, Funny

    Their security is deplorable and Apple should be legally responsible for any losses people incur as a result of this!

    1. Re:Apple needs to be held accountable... by DoktorMidnight · · Score: 1

      Their security is deplorable and Apple should be legally responsible for any losses people incur as a result of this!

      I'm not sure if that is really funny, really sad, or some kind of crazy, Google astroturf psyop. I'm going to be safe and assume that it is simultaneously all three.

    2. Re:Apple needs to be held accountable... by Anonymous Coward · · Score: 1

      At least you caught the joke. Too bad you took it personally.

  4. Quickly, change the password... by Anonymous Coward · · Score: 3, Funny

    From 123456 to abc123. There, I'm safe from Soviet hackers now.

    1. Re:Quickly, change the password... by webnut77 · · Score: 1

      I changed mine to hunter2.

      It's September, dummy. It should be hunter9.

    2. Re:Quickly, change the password... by ebvwfbw · · Score: 1

      From 123456 to abc123. There, I'm safe from Soviet hackers now.

      I'd fail the 8 char check. I'm safe. I changed it from Password1 to Password2!. They'll never think of that.

  5. Re:America did this by Anonymous Coward · · Score: 1

    It's funny that you say "true capitalism" is a fairy tale... and yet communism (I'm assuming you mean the "true" kind) is your goto.

    Maybe somebody should mod you funny.

  6. Just people using same passwords by blueshift_1 · · Score: 1
    I'd guess it's just hacks of other sites, filter it on just gmail accounts and hope they used the same password for both.

    Really just people trying to ride the coat tails of the fappening. Ermagurd, mad hax!

    1. Re:Just people using same passwords by YttriumOxide · · Score: 1

      I'd guess it's just hacks of other sites, filter it on just gmail accounts and hope they used the same password for both

      I'm pretty sure that's right. Actually, I'd say I'm around 5 nines certain.

      My email is on the list (afforess@gmail.com, go check!) I use a password for gmail I have never used for any other site.

      According to the list, the password is a 7 character string, lowercase, moderately common first name starting with c.

      --
      My book about LSD and Self-Discovery
      Also on facebook as: DroppingAcidDaleBewan
  7. Two factor authentication time! by slk · · Score: 5, Informative

    Google offers 2FA for free, labled as "2-step authentication". Setup takes about 3 minutes, hassle on known devices is roughly zero, and it makes these attacks irrelevent. Can do SMS, Authenticator app, etc.

    --
    ERROR: Null .sig, core dumped.
    1. Re:Two factor authentication time! by Ichijo · · Score: 1

      Except when your workplace has a policy of deleting cookies daily which makes 2-step authentication a hassle when you have to do it every day.

      --
      Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
    2. Re:Two factor authentication time! by peragrin · · Score: 4, Informative

      Except google has a policy for that an can give you a one step password for the particular device.

      --
      i thought once I was found, but it was only a dream.
    3. Re:Two factor authentication time! by Mike+Van+Pelt · · Score: 1

      Yeah... I tried that. It makes it near impossible to view Youtube videos on my TiVo. The TiVo doesn't stay logged in nor does it remember passwords, so I have to get a new OTP every time I want to view on the TiVo. (Though, now I also have a Chromecast, and I suspect it works more reasonably with 2FA... Time to give it another try, I don't use the TiVo to watch Youtube anymore since I got the Chromecast.)

    4. Re:Two factor authentication time! by DMUTPeregrine · · Score: 2

      No, it's a separate password for the same account. You can set it to expire or not, as you choose. Cookies aren't involved.

      --
      Not a sentence!
    5. Re:Two factor authentication time! by swillden · · Score: 1

      They offer it without giving Google your phone number or other personal info, or you have to put another personal info egg in the Google basket?

      There are several options. One of them is to use SMS or voice as the channel for receiving one-time passwords. For that, you have to provide the phone number they should send the passwords to. Or you can use the Google Authenticator app, which doesn't require providing any information (though it's recommended to provide a phone number as a backup), or you can just get a list of static OTPs to print out and carry around. Most people use that last one as a backup, but I suppose you could use it as your primary 2FA.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:Two factor authentication time! by swillden · · Score: 1

      You don't log into the Chromecast, so it doesn't have any dependency on authentication.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    7. Re:Two factor authentication time! by GNious · · Score: 1

      Would suggest people also go through and revoke any logins, computers and devices after they set up 2FA - should be right there in the Security tab on Google account settings.

  8. Not Listed by BlackHawk-666 · · Score: 1

    Despite having a public gmail account since it was invite only I escaped the list. Password managers FTW!

    --
    All those moments will be lost in time, like tears in rain.
    1. Re:Not Listed by Halifax+Samuels · · Score: 2

      None of my accounts are listed, and I've had two of them since it was invite-only as well. I also used the same simple password for both of them and dozens of other sites for many years because, honestly, I just don't care that much. Whether you're on the list or not doesn't seem to be related to your password.

  9. Re:My emails are not on it by ledow · · Score: 1

    Same for me, same for my brother.

    Someone's just collected 5m GMail addresses from somewhere.

    To be honest, it's more likely that my address has been sold by a Google employee - there's no way I should be getting as much spam as I do to an address that's completely unadvertised and which is only the end-point of various domain forwarding.

    Password compromise too? Just sounds like someone's collated all the compromised data from other websites etc. they could find, rather than hacked into GMail somehow.

  10. Enable/// by Rick+Zeman · · Score: 1

    ...2 factor authentication for your accounts, too. Google makes it easy.

    1. Re:Enable/// by Charliemopps · · Score: 1

      Thanks for the link, that made it easy. I should have done that years ago.

  11. Just people using same passwords by Afforess · · Score: 1

    I'd guess it's just hacks of other sites, filter it on just gmail accounts and hope they used the same password for both

    Really just people trying to ride the coat tails of the fappening. Ermagurd, mad hax!

    My email is on the list (afforess@gmail.com, go check!) I use a password for gmail I have never used for any other site. So I don't see how this can be the case. I have 2FA on the account, so not too worried, but still!

    --
    If our elected representatives no longer represent us, do we still live in a Democracy?
  12. Probably a few sites were hacked by stewsters · · Score: 5, Informative

    With a gmail account anything after a plus is ignored. You can then use username+serviceName@gmail.com to denote what service you are on. It looks like some people did this, and seems like these credentials are stolen from a few different sites. Here are the most popular after plus endings from the 5 mill:

    xtube : 176
    daz : 133
    1 : 125
    filedropper : 88
    daz3d : 66
    eharmony : 64
    friendster : 63
    savage : 62
    2 : 60
    spam : 57
    bioware : 54
    savage2 : 52
    bryce : 51
    hon : 40
    freebiejeebies : 32
    3 : 28
    eh : 27
    4 : 25
    policeauctions : 19
    bravenet : 18
    filesavr : 18

    1. Re:Probably a few sites were hacked by brunes69 · · Score: 5, Informative

      Yep. In fact the more you look at the data the more it looks like Google was not hacked at all and these accounts were collected from elsewhere, then perhaps verified against Google.

    2. Re:Probably a few sites were hacked by malakai · · Score: 4, Informative

      Can confirm. the password it had for one on my Gmail account e-mails was a password I use on 'throw away' websites. Think phpBB and the like. I never used this password on my GMail, or any account I cared about.

      I checked two other g-mail accounts that I primarily use for work, and neither were on the list.

      I'm going to say some of these are just harvested from old phpBB exploits. Sometimes I would use my throw away password for things I considered useless, like twitter and the like. So I guess it's possible it came from a bigger leak, that was deemed unworthy by me for enhanced security.

      Also, many of my primary passwords have the website initials built into it. Like "sdblahblahblah" for slashdot. The password in the leak was not from any of my main primary sites ( amex, citibank, google, /., networking/dns sites, AWS, amazon, etc...).

      --
      -Malakai
      A Dragon Lives in my Garage
    3. Re:Probably a few sites were hacked by ChronoReverse · · Score: 1

      I agree, just did the check and the first two characters were "pa" which is obviously the throwaway "password" I used before.


      I have 2FA enabled so my actual gmail account is pretty safe I'd think.

    4. Re:Probably a few sites were hacked by YttriumOxide · · Score: 1

      where are you finding the passwords? Im on the list and use KeePass for just about everything so should be able to nail down exactly where they got my password from.

      The list with passwords was easily available for a while (and still is if you hunt around a bit - I found it without too much trouble).

      --
      My book about LSD and Self-Discovery
      Also on facebook as: DroppingAcidDaleBewan
    5. Re:Probably a few sites were hacked by Yaur · · Score: 2

      The password they have for me was from the linkedin breach.

    6. Re:Probably a few sites were hacked by r0kk3rz · · Score: 1

      They list my details that were leaked from the Sony Playstation Network hack a few years ago, long since changed all my passwords since then.

  13. Re:What's email? by WillAffleckUW · · Score: 1

    What's a pocket?

    This is the 21st Century.

    We all wear form fitting science uniforms and have jetpacks and flying cars.

    --
    -- Tigger warning: This post may contain tiggers! --
  14. Scary-ish by Torp · · Score: 1, Interesting

    I was on this list and i had an unique (for me) password for the google account. I've had the account since you had to beg for an invite to get in as well.

    --
    I apologize for the lack of a signature.
    1. Re:Scary-ish by Torp · · Score: 1

      ... but I'm guilty of not ever changing the password after i created the account :)
      Until today, of course.

      --
      I apologize for the lack of a signature.
    2. Re:Scary-ish by steelfood · · Score: 1

      So are you saying your unique password was revealed along with your username? For curiosity sake, was it a strong password, or something an enhanced dictionary could attack?

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
    3. Re:Scary-ish by Torp · · Score: 2

      I was wrong. This is NOT a leak of passwords from google accounts.
      I checked my account on isleaked.com and it was NOT the google password, but the easily guessed password i use for accounts that I don't care about.
      If your google password is unique, you're safe. If you reused it on low security sites... not so much.

      --
      I apologize for the lack of a signature.
  15. Re:But... but.... but... What about teh Appelzzzzz by bigfinger76 · · Score: 1

    Has this resulted in one breached account? For all we know, this is just a list of email addresses. Need more evidence, like boobs.

  16. How do we actually know? by Sebastopol · · Score: 2

    I could harvest 5m gmail names from google searches, and then publish them with bogus passwords and create panic. Is there some statistic that says how many of these were real passwords? Because wouldn't it be illegal to use them (accessing another person's account w/o their permission is a crime in the USA).

    Seems like it would be easy to manufacture a lot of FUD by making these claims w/o really having any passwords at all, and no one could verify it?

    --
    https://www.accountkiller.com/removal-requested
    1. Re:How do we actually know? by YttriumOxide · · Score: 2

      I could harvest 5m gmail names from google searches, and then publish them with bogus passwords and create panic. Is there some statistic that says how many of these were real passwords?

      Statistics, probably not. But to confirm they're not just all made up, I checked a few of the ones that were obviously a password for another site (one of the '+' addresses) and after 4 tries, found one that worked (on the 'other site', not on gmail). So they're definitely not just 'made up' passwords; they just aren't necessarily a password that was ever actually used for the email address they're associated to.

      --
      My book about LSD and Self-Discovery
      Also on facebook as: DroppingAcidDaleBewan
    2. Re:How do we actually know? by i+ate+my+neighbour · · Score: 1

      A sketchy service called isleaked.com allows you to query. I queried my email, and it replied "the first two characters of your password is ...." which was correct. However, it was not my gmail password, but a password I use in my unimportant accounts.

    3. Re:How do we actually know? by kat_skan · · Score: 1

      Even if it's a hoax the sensible response doesn't really change. Change your password, enable 2FA and don't worry too much about whether it was FUD.

    4. Re:How do we actually know? by Nyder · · Score: 1

      I could harvest 5m gmail names from google searches, and then publish them with bogus passwords and create panic. Is there some statistic that says how many of these were real passwords? Because wouldn't it be illegal to use them (accessing another person's account w/o their permission is a crime in the USA).

      Seems like it would be easy to manufacture a lot of FUD by making these claims w/o really having any passwords at all, and no one could verify it?

      They had my email and an old password I used on it.

      So while I am no one important, the list seems legit.

      --
      Be seeing you...
  17. Check you address here by bigjocker · · Score: 3, Informative

    Use this page to check if your address is in the leaked database. I'm using the list (without passwords) that was published here in slashdot in the above comments. I'm not capturing the email addresses of the people using the tool:

    https://bigjocker.com/qd/googl...

    If you don't trust me (and I don't blame you), just download the file posted a few comments above this one and grep yourself:

    ngranek@trantor:~/Downloads$ grep bigjocker google_5000000.txt
    ngranek@trantor:~/Downloads$

    --
    Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.
    1. Re:Check you address here by John+Bokma · · Score: 1

      Heh, my wife was asking about such a site, and like I explained to her: you really think that someone who has collected all this data is just handing it out for free? No, it's IMO just a small, probably outdated sample. Moreover, I wouldn't trust any site that allows me to check if I am on the list. This just confirms that such accounts are active or at least that someone cares enough about it to check it.

      --

      Perl Programmer for hire
    2. Re:Check you address here by emotionus · · Score: 1

      Wild cards work? partial matches?

  18. Re:What's email? by peragrin · · Score: 1

    Who needs a pocket my computer displays on my contacts and blast audio through a bone phone.

    --
    i thought once I was found, but it was only a dream.
  19. Maybe a fraction of the actual list (and outdated) by John+Bokma · · Score: 4, Interesting

    I guess this is just a small fraction of the actual list, because such a list has a value and why just handing it out for free? Releasing a fraction and seeing people going upset because they are on the list, and it's actually their password, however, increases the value of the actual list. Even more so if the actual list is more recent.

    --

    Perl Programmer for hire
  20. Re:But... but.... but... What about teh Appelzzzzz by Noah+Haders · · Score: 1

    did the icloud buzziness result in one breached account? no evidence of that. a lot of the nudie selfies were taken on sammy phones.

  21. Re:But... but.... but... What about teh Appelzzzzz by bigfinger76 · · Score: 1

    I neither know or care. It's just a bit early to try to stir the pudding here.

  22. Re:What's email? by jcoy42 · · Score: 3, Informative

    ...sez the guy whose homepage is facebook.

    --
    Never trust an atom. They make up everything.
  23. Am I the only one? by Russ1642 · · Score: 4, Interesting

    A total surprise to me that my email address was on the list, and they had the current password. I changed that immediately and activated 2-factor authentication. So the next question is how did they get it? It's a unique string of random crap so it had to be intercepted rather than brute forced either with a malicious android app or, more likely, I signed in on a compromized computer. Anyone have any ideas?

    1. Re:Am I the only one? by Ronin+Developer · · Score: 1

      Could easily have been malware, phishing site, or a compromised system.

      If you still use the account, make sure you unlink everything from it, change your password and then enabled TFA.

    2. Re:Am I the only one? by mr_mischief · · Score: 1

      Did you by any chance use the same unique string of random crap at some third-party site where you used your email address as a verification email?

    3. Re:Am I the only one? by swillden · · Score: 1

      Most likely, you used the same password for another web site, with your gmail address as your contact e-mail.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    4. Re:Am I the only one? by Russ1642 · · Score: 2

      Most likely the two symbols that were shown on the isleaked website were also in a different password of mine and they never really had the proper Gmail password. I have no way of verifying this. However, I can say for certain that I've never used my Gmail password anywhere but Gmail. I have unique passwords for every single account I have on all websites. I use UPM as a password manager on my Android phone with a ridiculously long master password. I doubt it got hacked.

    5. Re:Am I the only one? by celticmonkey · · Score: 1

      I was surprised to see my email address on the list. Looking through my password manager, it looks like they have a simple password I stupidly re-used on eharmony and gigasize more than 3 years ago. (In fairness to those sites, I probably used the password elsewhere too, so they aren't necessarily the leak source.) I just hope a Russian hacker doesn't steal my soul mate on eharmony. (Unlikely?)

    6. Re:Am I the only one? by strikethree · · Score: 1

      Hm. None of the addresses that belong to me or anyone that I correspond with is in that list. If it was from a breach at Google, then they were stopped before they were able to access the entire list that Google has. My main is account has been around since gmail existed and it is not compromised.

      Did you use shared passwords with ANY other site? That is the only method I can think of for them to have a list like this. I hope you were able to regain exclusive control over your account before anything bad happened.

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
    7. Re:Am I the only one? by PhilHibbs · · Score: 1

      Where did you get the password list from?

    8. Re:Am I the only one? by swillden · · Score: 1

      I see Google has their spin doctors deployed...

      I see you haven't followed this story at all. There is zero evidence that any of this data came from Google, and plenty of evidence that it did not. For that matter, look at some of the /. comments. Several posters found their e-mail addresses and passwords... and they were not passwords used on gmail.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  24. Re:What's email? by Triklyn · · Score: 1

    hah, the optic nerve is SO last gen. my I.queue directly stimulates my visual and aural cortices.

  25. In the USA we pay to receive texts by tepples · · Score: 1

    Cellular subscribers in the United States who do not pay per month for unlimited SMS have to pay for each outgoing and incoming message. So unless I'm severely misunderstanding something, I'd have to pay my cell phone provider 20 cents every time I want to log in to any Google service. Is there something cheaper?

    1. Re:In the USA we pay to receive texts by Specter · · Score: 1

      You can install the Google Authenticator app; it requires no data connection after you set it up.

      J

    2. Re:In the USA we pay to receive texts by sh00z · · Score: 1

      You can download a list of single-use codes you can use instead of SMS. Of course, if you print the list and put it in your wallet, there's a path to compromise the security.

    3. Re:In the USA we pay to receive texts by tepples · · Score: 1

      I assume buy a tablet and install Google Authenticator on the tablet.

  26. Re:What's email? by WillAffleckUW · · Score: 1

    My point stands

    --
    -- Tigger warning: This post may contain tiggers! --
  27. Re:What's email? by disambiguated · · Score: 1

    How quaint. When I need to know something, my computer travels back in time and alters history so that I always knew it.

  28. Search engine by DrYak · · Score: 1

    (and still is if you hunt around a bit - I found it without too much trouble).

    What search engine were you using to locate it?
    I'm sure it won't show up on google's search results.

    (Or other pointers on how to get the list with passwords ?)

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  29. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  30. Reddit deletion by DrYak · · Score: 1

    Reddit comments are being actively deleted.
    Luckily, Google hasn't blacklisted the piratebay cache, yet.

    checking.... Nope. None of my password is in there.
    Will pass the file around for my friends to check theirs.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  31. Gee and me with all that Cialis spam by gelfling · · Score: 1

    Oh no, what will I do?

  32. I think passwords were collected from elsewhere by gaspyy · · Score: 1

    I found one of my Gmail accounts in the list - the one I usually use when asked on forums and such. Using https://isleaked.com/results/e... I saw that the password leaked is not the actual gmail password, but the password I use when signing up on non-important sites, including Slashdot.

    I'm quite sure the email+password was collected from another site, can't be sure which one.

  33. Does Google store passwords? by PhilHibbs · · Score: 1

    I'm guessing that if this really is a list of Google accounts and passwords, that they got it from somewhere other than Google. As far as I know, Google doesn't store passwords, they store salted hashes of passwords.

  34. Re:What's email? by bingoUV · · Score: 1

    Ahh, you guys are funny. Time travelling from 18th century, but pretending to be time travelling from 23rd century. Go and check actual 21st century and you will weep.

    --
    Bingo Dictionary - Pragmatist, n. A myopic idealist.
  35. Changing passwords / creating passwords by LinuxLuver · · Score: 1

    I change my Gmail password at least every 3 months. I never use the same password twice, though I do use the same 'formula" to compose the passwords other than my Gmail account. For my primary Gmail account, I don't use the formula. So if you hack my primary Gmail account, you can't get into my backup / recovery account easily...or vice-versa. This is easy to do and you don't need a powerful memory. Just a meta-memory.

    --
    Only boring people are ever bored.
  36. 677 by samcastler · · Score: 1

    My son once did http://generatoronline.net/pas... site to create strong passwords.. Try it, maybe today it will be a useful thing.

  37. Rejected from Piratebay by DrYak · · Score: 1

    Can you please upload the list to piratebay? I cant find it anywhere..!!

    It was alread *rejected* from pirate bay.
    Look around for "10 millions emails yandex mailru gmail w passwords 2014".
    It might still be in some cache (that's where I found it).
    And it starts poping up around on other tracker.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]