Another day, another large haul of logins posted to the web.
While the linked article sounds a bit scary with mentions of a “big security breach” for Gmail, that isn’t the case here and there’s no need to run screaming for the hills just yet.
What actually appears to have happened is that somebody rolled up lots of older data dumps originating from various causes (such as phishing and/or password reuse) and released them all in one go, posting the collection to a Bitcoin forum.
As these logins could give scammers access to Gmail should the email and passwords match up, Google took a look at the data and the results are as follows:
* Less than 2% of what is claimed to be close to 5 million account credentials “might” have worked, and their automated detection systems would have “blocked many of those login attempts.”
* Enabling the various security tools on offer from Google will help to bump up the security level on your accounts and services. Passwords, recovery options, 2-step verification – all of these are available to you.
* These leaked accounts were not the result of a breach of Google systems.
The popular Haveibeenpwned site, run by well-known software architect and Microsoft MVP Troy Hunt, lets visitors check whether their username or email address (NOT password) has appeared in any data breaches, and it has been updated to reflect this latest data dump.
It seems 17% of the accounts were already in there to begin with. If you want to keep up with the latest stats, figures and “Where has this data been seen before”, you should keep an eye on that particular Twitter account, as it promises to be a busy few days.
Otherwise, don’t panic and have a look at your security settings sooner rather than later. You’ll likely be glad you did…
Christopher Boyd