Skip to main content

Five million Gmail addresses, passwords leak out

five million gmail addresses passwords get leaked android phone
Image used with permission by copyright holder
Five million Gmail account names and passwords were posted on a Bitcoin security forum page dubbed btcsec.com, according to PCWorld.

The data was analyzed by security experts, and they found that a significant amount of it is accurate. The leaker(s) claim that more than 60 percent of the leaked data is current.

Related: How to pick strong passwords

“We can’t confirm that it is indeed as much as 60 percent, but a great amount of the leaked data is legitimate,” CSIS Security Group CTO Peter Kruse said. CSIS is an Internet security firm based in Denmark.

The thieves pulled the data from other sites where users use their Gmail addresses as account names in order to log into other services. Researchers at CSIS found that the data that was leaked is as much as three years old.

It’s also worth noting that Google’s servers weren’t shaken down for this information. Not all of the passwords match up with Gmail accounts.

Related: 123456″ is the worst password of 2013

“We believe the data doesn’t originate from Google directly,” Kruse said when speaking with PCWorld. “Instead it’s likely it comes from various sources that have been compromised.”

Even so, it couldn’t hurt to change your Gmail password. Yes, this might be annoying, but if you’re concerned about cyber security (and lets face it, you should be), then at least give yourself some peace of mind by making the switch.

Toward that end, feel free to check out these six tips on how to make your password more secure.

Also, as PCWorld notes, isleaked.com can tell you if your email address got exposed due to this leak. All you have to do is enter your address in the field located in the middle of the page, and hit the blue button labeled “Check it!”

The site has been slow to load for us, so just be patient if you decide to use it. This could be due to overwhelming numbers of traffic sparked by concerns surrounding this leak.

Konrad Krawczyk
Former Digital Trends Contributor
Konrad covers desktops, laptops, tablets, sports tech and subjects in between for Digital Trends. Prior to joining DT, he…
Hackers may have stolen the master key to another password manager
keepass master password plain text vulnerability open padlock cybersecurity

The best password managers are meant to keep all your logins and credit card info safe and secure, but a major new vulnerability has just put users of the KeePass password manager at serious risk of being breached.

In fact, the exploit allows an attacker to steal a KeePass user’s master password in plain text -- in other words, in an unencrypted form -- simply by extracting it from the target computer’s memory. It’s a remarkably simple hack, yet one that could have worrying implications.

Read more
Google just made this vital Gmail security tool completely free
The top corner of Gmail on a laptop screen.

Hackers are constantly trying to break into large websites to steal user databases, and it’s not entirely unlikely that your own login details have been leaked at some point in the past. In cases like that, upgrading your password is vital, but how can you do that if you don’t even know your data has been hacked?

Well, Google thinks it has the answer because it has just announced that it will roll out dark web monitoring reports to every Gmail user in the U.S. This handy feature was previously limited to paid Google One subscribers, but the company revealed at its Google I/O event that it will now be available to everyone, free of charge.

Read more
No, 1Password wasn’t hacked – here’s what really happened
A person using the 1Password password manager on a laptop while sat on a couch.

Password managers have been struggling with security breaches in recent months, with LastPass suffering a particularly bad hack as a notable example. So when 1Password users got an alert last week saying their Secret Keys and passwords had been changed without their knowledge, they were understandably panicked. Luckily, all was not what it seemed.

That’s because AgileBits, the company behind 1Password, has just explained exactly what went wrong during that event. And while it wasn’t as bad as everyone first thought, it still doesn’t paint AgileBits in a particularly good light.

Read more