It’s good news/bad news time. The bad news is that someone
got his or her hands on nearly 5 million Gmail addresses and corresponding
passwords and made them all public. The good news is that even if your Gmail
address is on the list, the password may be too old to merit much concern.
The Russian tech blog Habrahabr theorizes that the leaked
Gmail addresses and passwords were most likely compiled through phishing scams,
use of weak passwords and other common compromises, not as a result of a hacked
Google server. Similar databases of email addresses and passwords from Yandex
and Mail.ru, two popular Russian-language services, were made public earlier
this week.
You can use a site called, appropriately enough, “Is myemail leaked?” if you’d like to check the status of your Gmail, Yandex, or
Mail.ru account. The site itself is safe, and you can even give a shortened
version of your email address with asterisks if you’re concerned.
Earlier today (Sept. 10), Australian security researcherTroy Hunt tweeted that he’d soon be adding the Gmail addresses to his own
haveibeenpwned.com compromised-email checking website, which aggregates the
results of large password dumps.
Based on an informal poll of the Tom’s Guide New York
office, not that many people seem to be affected by this data dump. This makes
sense when you consider that Gmail has more than 500 million users and the
password breach affects fewer than 1 percent of them.
Even if you’re one of the 5 million affected, you may not
have to worry. Many of the passwords on the list are outdated, tweeted Peter
Kruse of Danish security firm CSIS — some by as long as three years. If you
change your password on even a semi-regular basis (as Gmail recommends),
cybercriminals most likely have no way to access your account or personal
information.
If your account has been compromised (or even if it hasn’t,
and you want to be safe), change your Gmail password to something totally
different, and consider adding two-step verification to your account.
Otherwise, just remember that password breaches are relatively common but also
tend to get overblown in mainstream-media coverage.
Source: YAHOO
No comments:
Post a Comment