An archive containing nearly 5 million Gmail addresses and plain text passwords was posted Tuesday on an online forum, but the data is old and likely sourced from multiple data breaches according to one security firm, PC World reports.
A user with the online alias “tvskit” posted the archive file on a Bitcoin security forum called btcsec.com and claimed that over 60 percent of credentials found inside are valid.
“We can’t confirm that it is indeed as much as 60 percent, but a great amount of the leaked data is legitimate,” said Peter Kruse, the chief technology officer of CSIS Security Group, a Danish security company that provides cybercrime intelligence to financial institutions and law enforcement.
CSIS researchers analyzed the data and concluded that it is up to 3 years old based on correlations with past leaks.
“We believe the data doesn’t originate from Google directly,” Kruse said via email. “Instead it’s likely it comes from various sources that have been compromised.”
This means that many of the leaked passwords do not correspond to Gmail or Google accounts, but to accounts on other sites where users have used their Gmail addresses as the user name.
As ever, the best advice for Gmailers, and others using online software is to:
- keep their security software up to date
- keep their operating system and all other programmes as up go date as possible (so as to include the latest security patches)
- don't use the same password for different services
- change passwords regularly
© All content copyright NBR. Do not reproduce in any form without permission, even if you have a paid subscription.
Five million Gmail addresses and passwords dumped online — security co
41270