Security News

5 Million Passwords Linked to Gmail Accounts Leaked in Russian Cryptocurrency Forum

September 11, 2014 A list of five million Gmail accounts, paired with what appear to be passwords, was leaked in a popular Russian cryptocurrency forum. Forum poster “tvskit” claimed that sixty percent of the 4,929,090 accounts in the record are accurate.

Accounts from large Russian email services Yandex and Mail.Ru were also included in the list. Just a few days back, 4.5 million usernames and passwords were also leaked from Mail.Ru; 1.26 million from Yandex.

These credentials may allow cybercriminals access not only to email accounts but also to other services of the same provider. For instance, if certain account credentials are indeed valid to get inside a Gmail account, it can also be used to get inside other Google apps. In the same way, cybercriminals can try and use these credentials to log in to other popular web services. This threatens the accounts and files of users who use only one password for all their online accounts—including Gmail, Yandex, and or Mail.Ru.

In a blog post on cleaning up after password dumps, Google representatives assured users that the information leak was not a result of a breach in their systems.

“We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts,” the representatives added.

What Can You Do

Google representatives say that they are consistently on the lookout for unusual account activity. Users can review account access using a secure link that displays recent sign-in activitiy:
https://security.google.com/settings/security/activity.

“Never recycle your passwords. Once you’ve used one, don’t use it again for anything else. If cybercriminals get a hold of your password, they will have access to everything it unlocks,” Trend Micro experts stressed in the eguide, “How to Manage Your Online Passwords on Multiple Devices.”

As a best practice, use unique passwords that are hard for cybercriminals to crack. “Many users are likely to trade convenience for security and choose weak passwords instead. It’s human nature to do so. Sadly enough, the users most likely to choose weak passwords are also the ones who are likely to fall victim to various online threats,” notes senior threat researcher David Sancho in a blog post.

These days, using a password manager makes it easier to remember long passwords for multiple accounts. Effective password managers encrypt passwords into what you could consider as a secure vault, which only you can open with a strong password or passphrase of your choosing.

Finally, users need to also take advantage of two-factor authentication if the service offers it, as this adds another layer of protection against unauthorized logins.


HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Connect with us on