A recent Daily Mail article reveals that over 5 million Gmail accounts and their passwords were leaked. A later Forbes article claimed that only 2% of these were valid. Whatever the percentage, it is still a lot higher than zero, and 2% of 5 million is still 100,000. Protect yourself against the Gmail password leak now by changing your password and reading the rest of this article.
Where did the Gmail password leak occur?
The Gmail password leak occurred in a thread on the Russian Bitcoin Forum. This had nothing to do with Bitcoin, or Gmail for that matter, but the .txt file contained leaked information on over 5 million Gmail accounts.
I like to show my readers some of the underbelly of the Internet so that they know to protect themselves. Here’s a screengrab of the file, with the obvious edits made to protect people:
The file is a mix of valid and invalid accounts. All it takes is an automated program that checks each one to tell hackers which accounts are and aren’t valid.
How did the Gmail password leak happen?
No one knows for sure how this happened, but the easiest way to gather a massive number of emails like this is a phishing scam. This is when a user is sent to a site which appears to be genuine but is instead made specifically to steal login data.
Another way is to use a man-in-the-middle attack. This takes more time, but in a popular public space and given a few weeks, a considerable amount of data can be stolen.
Given the sheer number of accounts compromised, this was not the work of any one hacker. As is commonly the case, hackers will work together to collect data, sometimes using it for barter. When enough hackers get together with their data, a .txt file like this one can be the result.
How will you know if your Gmail password leaked?
There is a simple-to-use, open-access tool called Private Gmail Leak Tester that can compare your email with the database without exposing the database to the world. It’s a crafty little piece of coding that helps the average Gmail user figure out where they stand.
Simply type your email address in the box:
And it handles everything right in your browser, telling you whether or not you were listed. As you can see, YourMama@gmail.com was not listed, mostly because I just made it up.
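One way an in-browser check of this kind can work, as an added example that is not the code of the tool mentioned above: it assumes the site publishes only SHA-256 hashes of the leaked addresses, bucketed by a short prefix, so that the final comparison happens locally. The function names, the five-character prefix and the sample addresses are constructed for illustration.

```javascript
// Added illustration of a hypothetical design, not the code of any real leak-checking site.
const { createHash } = require('crypto'); // in a browser, crypto.subtle.digest() plays this role

// Gmail treats these as one mailbox: letter case, dots in the local part,
// "+tag" suffixes and the googlemail.com alias. Normalise so variants still match.
function normalizeGmail(address) {
  const [local, domain] = String(address).trim().toLowerCase().split('@');
  if (!local || !['gmail.com', 'googlemail.com'].includes(domain)) return null;
  const base = local.split('+')[0].replace(/\./g, '');
  return base ? base + '@gmail.com' : null;
}

const sha256Hex = (text) => createHash('sha256').update(text, 'utf8').digest('hex');

// Publisher side: index hashes by their first PREFIX_LEN hex characters.
// Only hash fragments are stored; no addresses and no passwords.
const PREFIX_LEN = 5;
function buildIndex(leakedAddresses) {
  const index = new Map();
  for (const addr of leakedAddresses) {
    const norm = normalizeGmail(addr);
    if (!norm) continue; // skip malformed or non-Gmail rows
    const hash = sha256Hex(norm);
    const prefix = hash.slice(0, PREFIX_LEN);
    if (!index.has(prefix)) index.set(prefix, new Set());
    index.get(prefix).add(hash.slice(PREFIX_LEN));
  }
  return index;
}

// Browser side: only the short prefix would need to leave the machine;
// the full comparison runs locally against the bucket that comes back.
function isListed(index, address) {
  const norm = normalizeGmail(address);
  if (!norm) return false;
  const hash = sha256Hex(norm);
  const bucket = index.get(hash.slice(0, PREFIX_LEN)) || new Set();
  return bucket.has(hash.slice(PREFIX_LEN));
}

// Constructed sample rows, not taken from any real dump.
const SAMPLE_INDEX = buildIndex(['jane.doe@gmail.com', 'bob+shop@googlemail.com', 'not-an-email']);
console.log(isListed(SAMPLE_INDEX, 'JaneDoe+news@gmail.com')); // true
console.log(isListed(SAMPLE_INDEX, 'YourMama@gmail.com'));     // false
```

An unsalted hash of an email address only obscures it, since addresses can be guessed and re-hashed, so a published index like this still deserves rate limiting and should never include the passwords.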
Protect yourself against a future Gmail password leak
There are five things you need to know to protect yourself against another Gmail password leak:
- Use a password manager like LastPass to generate strong and different passwords for all of your accounts.
- If you have the patience, enable 2-factor authentication on your Gmail account.
- Use a VPN service to protect yourself against man-in-the-middle attacks, especially when using public WiFi.
- Always be cautious when clicking on unknown links in emails, even when they’re from your friends, as your friend could be the victim of email spoofing.
- Have an updated antivirus and firewall at all times.
This latest Gmail password leak has hit the press pretty hard. Be sure that you’re learning from this story and not just blindly reading the articles presented to you. Take action, and protect your account.
Feature image via wk1003mike / Shutterstock