Home / Software & Gaming / Security / Five million Gmail passwords leaked online via phishing scam

Five million Gmail passwords leaked online via phishing scam

Earlier this week five million Gmail username and password combinations were posted on to a Russian forum site, 60 per cent of which were reportedly still active. It's bad but you don't necessarily need to panic as Google has stated that this was not the result of an attack on Gmail servers but rather, a widespread phishing scam.

It's not clear as to how the poster managed to obtain such a large quantity of user information but all data was stolen from individual users, rather than Google servers. The company has since protected all affected accounts, requiring users to change their passwords immediately. This means that you don't really need to worry, Google has you covered.

gmail-ios

One of the unfortunate realities of the internet today is a phenomenon known in security circles as ‘credential dumps' — the posting of lists of usernames and passwords on the web,” Google said in on online security blog post.

” It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems. Often, these credentials are obtained through a combination of other sources.”

The blog post then goes on to explain that Google offers several security measures to keep accounts secure, even if user information is somehow obtained: “We’re constantly working to keep your accounts secure from phishing, malware and spam. For instance, if we see unusual account activity, we’ll stop sign-in attempts from unfamiliar locations and devices.”

Discuss on our Facebook page, HERE.

KitGuru Says: Google's tends to do a pretty good job of protecting its users, it blocks login attempts from unfamiliar devices and IP addresses automatically and is often quick to rectify the situation when user security is involved. Do many of you guys use Gmail? What do you think of Google's security measures? 

Source: Google, btcsec

Become a Patron!

Check Also

Riot offering up to $100,000 to find Vanguard anti-cheat bugs

When Riot launched Valorant, it also launched a deeply rooted anti-cheat system, Vanguard. This anti-cheat …

5 comments

  1. Google’s security measures are the best, but you have to use them. For example, I opted in the mobile verification so that when logging in on a computer that isnt mine, it asks for a pin sent to my mobile phone.

    YES it is annoying to have to have your phone with you when logging in but it is definitely useful. If everyone did this, there wouldn’t be any account hacks and I wouldn’t receive spam from my friends’ addresses.

  2. I absolutely love this feature as well, I don’t think it’s annoying at all. Its not like you have to do it every time you check your email, its once per computer.

    Its just a small code and I know my account is 100% safe. Its worth the 10 seconds per device.

  3. I use that feature too. (2-step verification) It’s the best way to keep your account secure.. (at least, from anybody but google.. )

  4. Only dumb and fat lazy people dislike this features…

  5. I also keep a list of “emergency” confirmation codes in my wallet, in case I find myself without my phone at some point. A little planning and no more worries.