Menu
Five million Gmail addresses and passwords dumped online

Five million Gmail addresses and passwords dumped online

The data was not likely stolen from Google, but from other websites, researchers said

An archive containing nearly 5 million Gmail addresses and plain text passwords was posted Tuesday on an online forum, but the data is old and likely sourced from multiple data breaches according to one security firm.

A user with the online alias "tvskit" posted the archive file on a Bitcoin security forum called btcsec.com and claimed that over 60 percent of credentials found inside are valid.

"We can't confirm that it is indeed as much as 60 percent, but a great amount of the leaked data is legitimate," said Peter Kruse, the chief technology officer of CSIS Security Group, a Danish security company that provides cybercrime intelligence to financial institutions and law enforcement.

CSIS researchers analyzed the data and concluded that it is up to 3 years old based on correlations with past leaks.

"We believe the data doesn't originate from Google directly," Kruse said via email. "Instead it's likely it comes from various sources that have been compromised."

This means that many of the leaked passwords do not correspond to Gmail or Google accounts, but to accounts on other sites where users have used their Gmail addresses as the user name.

CSIS has confirmation that at least five of the leaked user name and password pairs were never used as log-in credentials for Gmail or Google accounts. This enforces the idea that the data comes from compromises outside Google, though it's possible that they were all perpetrated by a single individual or group, Kruse said.

"The security of our users is of paramount importance to us," a Google representative said Wednesday via email. "We have no evidence that our systems have been compromised, but whenever we become aware that an account has been compromised, we take steps to help our users secure their accounts."

Even if many of the leaked credentials turn out not to be from Google, affected users might still want to change their passwords on websites where they used their Gmail address as the user name. A website called haveibeenpwned.com allows users to check if their email address is among those leaked.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags privacyGoogleonline safetyCSIS Security Group

Featured

Slideshows

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments