5M Gmail Passwords Leaked To Russian Bitcoin Forum

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
According to this report, over five million Gmail passwords have been leaked. The good news is that Google says most of the information posted online is old and outdated. Just to be safe, I would go check your passwords now.

Much of the information is old and potentially out-of-date, Google representatives told Russian media, so the so-called “leak” may be more accurately described as a collection of phished and hacked credentials collected over years. In fact, many of the accounts have long been suspended or are matched with very old passwords.
 

Gweenz

[H]ard|Gawd
Joined
Dec 18, 2003
Messages
1,216
My guess is this is just a dump of phished passwords and not a "leak". I changed my passwords anyway of course.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
20,242
My guess is this is just a dump of phished passwords and not a "leak". I changed my passwords anyway of course.

Did you read the summary before taking the guess :)

Google representatives told Russian media, so the so-called “leak” may be more accurately described as a collection of phished and hacked credentials collected over years.
 

B00nie

[H]F Junkie
Joined
Nov 1, 2012
Messages
9,221
Now everyone remember to go in to that helpful website that lets you type in your account and password to see if it's on the infected list.
 

NEODARK

Gawd
Joined
Aug 10, 2004
Messages
1,002
Now everyone remember to go in to that helpful website that lets you type in your account and password to see if it's on the infected list.

Thanks, good reminder... I did and I'm NOT hacked. It's great because they test it thoroughly... I mean, I immediately got a text from my two factor authentication and promptly emailed the code to them. My account is for sure safe.




:p
 

mnewxcv

[H]F Junkie
Joined
Mar 4, 2007
Messages
8,645
Thanks, good reminder... I did and I'm NOT hacked. It's great because they test it thoroughly... I mean, I immediately got a text from my two factor authentication and promptly emailed the code to them. My account is for sure safe.




:p

I did the exact same thing and it said my account was safe, but now for some reason I can't login to gmail, ebay, or paypal. what gives?
 

Soarin

2[H]4U
Joined
Jul 23, 2010
Messages
2,491
Downloaded the txt file containing the info.. NO PASSWORDS at all. Just usernames. I wanted to see if my usernames where on the list. They are not.
 

aldamon

Supreme [H]ardness
Joined
May 24, 2000
Messages
6,603
My old password was on the list which explains the unsuccessful attempt to hijack my account in May. Yes, two-factor for the win. Saved my ass yet again.
 

Maxx

[H]ard|Gawd
Joined
Mar 31, 2003
Messages
1,648
I'll admit my email was on this, but I use a unique password for every site (well into the 100s if not 1000s by now) that are generally very complex. I only use a very basic one for throwaway sites. The one that was leaked for me here was the basic one. Considering the very few sites I used it for (all which were many years ago), I traced it back to a gaming site I used for WoW patches back in 2005-2006. I found one of my friends on the list, too, who I unsurprisingly met in WoW and who also had an account at that site.

Likely this list is a consolidation of many sites that have had their databases exploited over the years. If you happen to use the same passwords across various sites, don't rely on throwaway emails, and generally don't keep up with changing your passwords and using multifactor, you may have a reason to be concerned, but for the most part this is just a leak of something that was likely in hack lists for a while now.
 

colinstu

2[H]4U
Joined
Oct 11, 2007
Messages
3,563
Downloaded the txt file containing the info.. NO PASSWORDS at all. Just usernames. I wanted to see if my usernames where on the list. They are not.

there are two copies, one with and without passwords.

needless to say, none of my email addresses or friends were on it.
 

B00nie

[H]F Junkie
Joined
Nov 1, 2012
Messages
9,221
I use simple passwords but fake information on all but my work e-mail and service registrations.
 

FLECOM

Modder(ator) & [H]ardest Folder Evar
Staff member
Joined
Jun 27, 2001
Messages
15,739
so where is the text file? want to check if I or anyone I know is on there... don't trust the "give us your email and we'll check for you!" websites...
 

FLECOM

Modder(ator) & [H]ardest Folder Evar
Staff member
Joined
Jun 27, 2001
Messages
15,739
Notepad++ had no issue :)

not on there as I suspected but I like to make sure
 

Soarin

2[H]4U
Joined
Jul 23, 2010
Messages
2,491
there are two copies, one with and without passwords.

needless to say, none of my email addresses or friends were on it.

Ah, makes sense and would explain why I did not see them. No one I knew was on it either.
 

nilepez

[H]F Junkie
Joined
Jan 21, 2005
Messages
11,806
According to this report, over five million Gmail passwords have been leaked. The good news is that Google says most of the information posted online is old and outdated. Just to be safe, I would go check your passwords now.

I checked the site that allegedly tells you if your PW is compromised and got nothing. That said, they can steal it. I use Gmail for burner email addresses. I can only remember 2 of them, but I use one for youtube and another for android log in. There's nothing else there.
 

rat

Supreme [H]ardness
Joined
Apr 16, 2008
Messages
4,915
Cut and pasting what I posted about this over at Reddit.

[–]rat 102 points 16 hours ago*

Highly doubt the list is accurate. Passwords scrubbed, so it'll be harder to confirm the sources.

I downloaded the list and my email address is in there, however, I have two factor auth on my account and I have never recieved any suspicious attempts at logging in on my account.

Edit:

http://habrahabr.ru/post/236283/ <--- google translate on this if you need to. Several people guessed that this is a collection of known usernames/passwords of just gmail addresses for usernames from past leaks.

I found a way to search for what password was attached to the gmail address. https://isleaked.com/en.php

It is NOT a password I ever used with gmail.

My verdict: This is not a Google leak but a collection of Gmail addresses with passwords from elsewhere. Based on the password hinted, I would wager this is from the Gawker leak way back when. (I use unique passwords for every site. You should, too.)

Edit 2:

I was given access to the full password list by another redditor. Knowing the full password that they had for my email address, I can absolutely, with 100% certainty, tell you this:

It was a password that I only used on one of Gawker's sites for commenting. So absolutely not a "gmail" leak, but a compilation of gmail based usernames and passwords.

The password itself was also really old, meaning even before the Gawker leak, I had stopped using that method of creating passwords. I just never changed older passwords when I started using a newer method of generating passwords.

The only people who have anything to worry about are those who recycle passwords everywhere they go.
 

rat

Supreme [H]ardness
Joined
Apr 16, 2008
Messages
4,915
Min e was listed. Changed password right away.

This means your gmail/password has been known for several years AND were using the same password across multiple sites. The dump is a compilation of really old database leaks.
 

nilepez

[H]F Junkie
Joined
Jan 21, 2005
Messages
11,806
This means your gmail/password has been known for several years AND were using the same password across multiple sites. The dump is a compilation of really old database leaks.

Doesn't the PW was the same as when it was compromised. Just means it was compromised at some point. If mine had been on the list, i'd have changed my pw too, even though I rarely use the accounts and have changed the PW many times in the past year (cause I generally forget what it is).
 
Top