is gmail leaked?

Bob Z

i found this online

http://mashable.com/2014/09/10/5-million-gmail-passwords-leak/

Harry Palmr

Just changed me password! (just in case)

syklops

Not all of it. It seems for anyone who found themselves on the list, it was an old password they used years ago which would suggest it was either a leak from years ago or a leak from another website where people used the same password as their gmail account.

If you are on the list, change your password immediately. If you are not, consider doing it anyway.

solomafioso

http://freedomhacker.net/five-million-gmail-usernames-passwords-leaked/

5 Million Gmail Usernames and Passwords Leaked 0
BY BRANDON STOSH ON SEPTEMBER 10, 2014 DATA BREACH, HACKING NEWS
In what appears to be an unknown attack, hackers have dumped over 5,000,000 valid gmail username and passwords on the Internet early Wednesday morning.

Unknown hackers have leaked over five million valid credentials pertaining to Google Mail logins early this morning. The random dump of passwords first appeared on reddit’s netsec section linking to the another website hosting the leaked gmail accounts.

The .txt file of all leaked gmail usernames was found on BitCoin security (forum in Russian), where the leak is believed to be first offloaded. The file of leaked emails does not contain any passwords or other sensitive information, only full gmail email addresses.

As the leak was posted only hours ago, Reddit users are warning each other not to enter any email username or password combinations into any websites “to check if your password is secure.” It appears scams are already appearing or Reddit users are getting ready for the scams to come.

Where the leaked emails originated from remains unknown, but many are speculating the email addresses were leaked from another website or a compilation of other websites and not from Google itself.

Others have stated this is the result of phishing attacks, malicious attacks, and the use of weak passwords. Just last week we saw Apple state celebrities nude photos were leaked due to weak passwords.

The exact number of email addresses leaked is 4,929.090 and a number of users online have already identified their accounts inside the leaked database. The accuracy of the leaked gmail database has not yet been verified, but has been reported that upwards of 60 percent of login credentials are valid and working.

It is highly recommended you change your gmail password regardless and turn on a form of two-factor authentication to heighten security and prevent any possible future attacks.

Many are urging others to switch to alternative secure email providers to prevent future attacks.

salamanca22

Mine was leaked too but it showed the first two characters of the password I would have used more than 3 years ago so I have to agree it is an old leak.

advertsfox

This is an old dump, a mass collection of phished username and passwords for multiple sources where the username is a Google email account (Gmail.com or Googlemail.com) and not a leak directly for Google's servers.

Search for your email in the below link:

https://isleaked.com/en.php

If its there, then most likely its an old password you don't use anymore and can see the first 2 characters of. If its not there, your grand - just move on.

Bob Z

advertsfox wrote: »

This is an old dump, a mass collection of phished username and passwords for multiple sources where the username is a Google email account (Gmail.com or Googlemail.com) and not a leak directly for Google's servers.

Search for your email in the below link:

https://isleaked.com/en.php

If its there, then most likely its an old password you don't use anymore and can see the first 2 characters of. If its not there, your grand - just move on.

according to that site no but according to this i have

https://haveibeenpwned.com/

advertsfox

Bob Z wrote: »

according to that site no but according to this i have

https://haveibeenpwned.com/

That's a different one, again a combination of multiple sources but the one with 95% of the emails is the large Adobe leak of last year. Passwords were encrypted but the emails and hints were plain text.

The big one. In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced.

Even I'm I'm that list for Adobe because I signed up once to download Photoshop for free but I use a generic password for the likes of those websites. Again, they are encrypted too (poorly yes but its 150 million accounts). Just change your Gmail password if you are worried, I'm sure you have changed it more than once since (I've changed all of mine at least every 12 months, keeps me safe and clears the random forum clutter I've signed up to if they are breached).

If you are really worried, you can sign up here and be notified if your credentials are ever found in a breach / leak.

https://pwnedlist.com

Skerries

I was on it but an old password and signed up for the 2 step process now

Gbear

I presume by checking that Isleaked thing I can expect to not to get a load of spam emails as a result?

advertsfox

Gbear wrote: »

I presume by checking that Isleaked thing I can expect to not to get a load of spam emails as a result?

Of course not, it's purely for checking this exact dump file for your email. You may use * to hide your email (johnsmith@gmail.com could be joh***ith@gmail.com) if you are unsure.

"We don't collect your emails nor access logs.
If you don't like to specify your full email address for any reason, you can replace up to 3 characters with asterisk sign (e.g., for myaccount@gmail.com enter myac***nt@gmail.com), thus we'll show you a count of matches for this pattern. We respect your privacy."

Mr. G

All these leaks, even Irish Water with their error recently in posting letters, really need to be monitored more. Too many things can go wrong. It's like a regular occurrence now.

KAGY

advertsfox wrote: »

"We don't collect your emails nor access logs.
If you don't like to specify your full email address for any reason, you can replace up to 3 characters with asterisk sign (e.g., for myaccount@gmail.com enter myac***nt@gmail.com), thus we'll show you a count of matches for this pattern. We respect your privacy."

But wouldn't an email harvester say that too

One of my email addresses was on it but the password was a throw away one I used for random sites years ago. It could have been from a mailman mailing list - you know the ones that email you your password in plain text every month

Diemos

My address is in the list but it's form the Adobe hack, I never used that password for my gmail.