5M Gmail Passwords Leaked To Russian Bitcoin Forum

[HardOCP News]

According to this report, over five million Gmail passwords have been leaked. The good news is that Google says most of the information posted online is old and outdated. Just to be safe, I would go check your passwords now.

Much of the information is old and potentially out-of-date, Google representatives told Russian media, so the so-called “leak” may be more accurately described as a collection of phished and hacked credentials collected over years. In fact, many of the accounts have long been suspended or are matched with very old passwords.

 

[Gweenz]

My guess is this is just a dump of phished passwords and not a "leak". I changed my passwords anyway of course.

 

[DarkStar02]

Multifactor authentication ftw

 

[MrGuvernment]

My guess is this is just a dump of phished passwords and not a "leak". I changed my passwords anyway of course.

Did you read the summary before taking the guess

Google representatives told Russian media, so the so-called “leak” may be more accurately described as a collection of phished and hacked credentials collected over years.

 

[B00nie]

Now everyone remember to go in to that helpful website that lets you type in your account and password to see if it's on the infected list.

 

[NEODARK]

Now everyone remember to go in to that helpful website that lets you type in your account and password to see if it's on the infected list.

Thanks, good reminder... I did and I'm NOT hacked. It's great because they test it thoroughly... I mean, I immediately got a text from my two factor authentication and promptly emailed the code to them. My account is for sure safe.

 

[mnewxcv]

Thanks, good reminder... I did and I'm NOT hacked. It's great because they test it thoroughly... I mean, I immediately got a text from my two factor authentication and promptly emailed the code to them. My account is for sure safe.

I did the exact same thing and it said my account was safe, but now for some reason I can't login to gmail, ebay, or paypal. what gives?

 

[Soarin]

Downloaded the txt file containing the info.. NO PASSWORDS at all. Just usernames. I wanted to see if my usernames where on the list. They are not.

 

[aldamon]

My old password was on the list which explains the unsuccessful attempt to hijack my account in May. Yes, two-factor for the win. Saved my ass yet again.

 

[m heisty]

I prob have close to enough gmail accounts myself to make up half of that list lol.

 

[Maxx]

I'll admit my email was on this, but I use a unique password for every site (well into the 100s if not 1000s by now) that are generally very complex. I only use a very basic one for throwaway sites. The one that was leaked for me here was the basic one. Considering the very few sites I used it for (all which were many years ago), I traced it back to a gaming site I used for WoW patches back in 2005-2006. I found one of my friends on the list, too, who I unsurprisingly met in WoW and who also had an account at that site.

Likely this list is a consolidation of many sites that have had their databases exploited over the years. If you happen to use the same passwords across various sites, don't rely on throwaway emails, and generally don't keep up with changing your passwords and using multifactor, you may have a reason to be concerned, but for the most part this is just a leak of something that was likely in hack lists for a while now.

 

[colinstu]

Downloaded the txt file containing the info.. NO PASSWORDS at all. Just usernames. I wanted to see if my usernames where on the list. They are not.

there are two copies, one with and without passwords.

needless to say, none of my email addresses or friends were on it.

 

[B00nie]

I use simple passwords but fake information on all but my work e-mail and service registrations.

 

[FLECOM]

so where is the text file? want to check if I or anyone I know is on there... don't trust the "give us your email and we'll check for you!" websites...

 

[Rolling Sarcophagus]

http://tempsend.com/0D3D6A2C37

No passwords in list of course.
In case it doesn't go without saying, open it in Word. Notepad nearly poops itself and there is no formatting to boot.

 

[FLECOM]

Notepad++ had no issue

not on there as I suspected but I like to make sure

 

[Soarin]

there are two copies, one with and without passwords.

needless to say, none of my email addresses or friends were on it.

Ah, makes sense and would explain why I did not see them. No one I knew was on it either.

 

[nilepez]

According to this report, over five million Gmail passwords have been leaked. The good news is that Google says most of the information posted online is old and outdated. Just to be safe, I would go check your passwords now.

I checked the site that allegedly tells you if your PW is compromised and got nothing. That said, they can steal it. I use Gmail for burner email addresses. I can only remember 2 of them, but I use one for youtube and another for android log in. There's nothing else there.

 

[rat]

Cut and pasting what I posted about this over at Reddit.

[–]rat 102 points 16 hours ago*

Highly doubt the list is accurate. Passwords scrubbed, so it'll be harder to confirm the sources.

I downloaded the list and my email address is in there, however, I have two factor auth on my account and I have never recieved any suspicious attempts at logging in on my account.

Edit:

http://habrahabr.ru/post/236283/ <--- google translate on this if you need to. Several people guessed that this is a collection of known usernames/passwords of just gmail addresses for usernames from past leaks.

I found a way to search for what password was attached to the gmail address. https://isleaked.com/en.php

It is NOT a password I ever used with gmail.

My verdict: This is not a Google leak but a collection of Gmail addresses with passwords from elsewhere. Based on the password hinted, I would wager this is from the Gawker leak way back when. (I use unique passwords for every site. You should, too.)

Edit 2:

I was given access to the full password list by another redditor. Knowing the full password that they had for my email address, I can absolutely, with 100% certainty, tell you this:

It was a password that I only used on one of Gawker's sites for commenting. So absolutely not a "gmail" leak, but a compilation of gmail based usernames and passwords.

The password itself was also really old, meaning even before the Gawker leak, I had stopped using that method of creating passwords. I just never changed older passwords when I started using a newer method of generating passwords.

The only people who have anything to worry about are those who recycle passwords everywhere they go.

 

[me4get]

Min e was listed. Changed password right away.

 

[rat]

Min e was listed. Changed password right away.

This means your gmail/password has been known for several years AND were using the same password across multiple sites. The dump is a compilation of really old database leaks.

 

[nilepez]

This means your gmail/password has been known for several years AND were using the same password across multiple sites. The dump is a compilation of really old database leaks.

Doesn't the PW was the same as when it was compromised. Just means it was compromised at some point. If mine had been on the list, i'd have changed my pw too, even though I rarely use the accounts and have changed the PW many times in the past year (cause I generally forget what it is).