About 5 Million Google Account Credentials Dumped Online

  • 10 September 2014
  • 7 replies
  • 13 views

Userlevel 7
Badge +54
September 10th, 2014, 09:05 GMT · By Ionut Ilascu
 
 
A database containing usernames and passwords for almost five million Google accounts emerged on a Russian forum late on September 9.
The user dumping the information on Bitcoin Security board uses the online alias “tvskit” and says that although not all the entries are valid, more than 60% of them should be working; all passwords are provided in plain text.

It is unclear how the information was collected, but the most plausible theory is that the attacker(s) gathered the details through phishing and different forms of data exfiltration, such as the use of infostealing malware.

Users who want to verify if their address is included in this database can do it through the ileaked.com website, which parsed the information and offers search capabilities.
 
http://i1-news.softpedia-static.com/images/news-700/About-5-Million-Google-Account-Credentials-Dumped-Online.jpg
 
 
Full Article

7 replies

Userlevel 7
This is alarming to say the least, nothing is safe anymore
Userlevel 7
Badge +56
So downloaded the list to see if my email was on there (it wasn't) and while I had it open I started checking everyone's gmail address from the team.  I actually found @ 's email on there!
Userlevel 7
Badge +62
@ wrote:
So downloaded the list to see if my email was on there (it wasn't) and while I had it open I started checking everyone's gmail address from the team.  I actually found @ 's email on there!
Hi Nic I just checked mine and I'm safe Thank goodness!! Great article @ :D 
 
Sorry Richard! :8
Userlevel 7
Badge +54
I checked mine earlier and thankfully both of them are OK.
Userlevel 7
Badge +56
I still have the list on my computer, so if anyone wants me to check their email, just PM me.
Userlevel 2
News scarier than any horror movie I've ever watched. I could save my self some entertainment bucks by visiting here more often. 😃
Userlevel 1
I like the suggestion about two-level authentication (some web sites I use have three-level - they ask a personal response question between user-id and password). What I absolutely do NOT like is the majority of businesses that require your e-mail address as user-id. It seems to me that gives the hacker community half of the information they need to get an attack started. Also, if you are required to change your e-mail address by corporate splits/mergers it can become a huge hassle. I wish there was some way to get businesses to allow setting up real user-ids instead of giving away half of what opens you up to hackers.

Reply