Nearly 5 million Gmail passwords dumped online
According to CBC News, a list of 4.93 million Gmail addresses and passwords was posted on the Russian website Bitcoin Security on Tuesday night, Sep 10, 2014. On the same day, Danish eCrime specialist Peter Kruse tweeted that the disclosure of passwords “likely originates from various sources” and that the majority of the hacked passwords are more than 3 years old, though many of them may still be valid. Besides, some of the passwords belong to the Russian-based email services Yandex and Mail.ru. As for the hacked Gmail accounts, the Google team gave assurances that they are now protected, and users were strongly advised to change their passwords.
In my opinion, those people whose accounts have been affected should blame themselves for being lax on email security. First, if these passwords are truly 3 years old, it is likely that these users last changed their passwords more than 3 years ago, while Microsoft recommends changing security codes every 1-2 months. Second, Gmail offers 2-step authentication that makes account hacking close to impossible. Third, as the Google team noted, “If you reuse the same username and password across Websites, and one of those Websites gets hacked, your credentials could be used to log into the others”. That said, I believe there’s no truly solid evidence that Gmail systems are vulnerable to attacks.
Thus, to prevent further information leaks, Gmail users are strongly advised to reset their passwords, not to reuse them on other websites, and to enable 2-step authentication.
References
Kruse, P. (2014, September 10). Gmail Leak. Twitter. https://twitter.com/peterkruse/status/509647881184509952
Gmail addresses, website passwords leaked online. (2014, September 10). CBC News. http://www.cbc.ca/news/technology/gmail-addresses-website-passwords-leaked-online-1.2762316