Jump to content
ATX Community

Gmail accounts hacked - change pw now!

Catherine

By Catherine
in General Chat

 Share

Recommended Posts

jklcpa

jklcpa

Posted
Posted

A number of the members will not click on a link.

 

The article from Catherine's link:

5M Gmail accounts hacked. Change your password *now*!

Posted on September 10, 2014 by Dr. Eowyn

Fidel Martinez for Fusion.net, Sept. 10, 2014:

Time to change your password again. A database containing nearly 5 million Gmail user accounts and passwords was leaked on Bitcoin Security, a popular Russian website devoted to the cryptocurrency.

The text file was published on Tuesday night by user tvskit, according to CNews, the Russian news outlet that first broke the story. The leaker claimed that the majority of the accounts belong to users who speak English, Russian, or Spanish, and that approximately 60 percent are active. The passwords not only give access to Gmail, but a slew of other Google services such as Drive and the mobile payment system Google Wallet.

Svetlana Anurova, a Google representative, told CNews that the tech giant is aware of the breach and encouraged users to select a stronger password and enable two-step verification, a security measure where users are required to provide a passcode sent to their mobile devices before any changes can be made to their account.

The Gmail leak comes on the heels of two other major security breaches leaked on the same Bitcoin forum, which targeted Russian email service prodiver Mail.ru and search engine Yandex. Those two breaches affected nearly 6 million Internet users.

Find out if your account was compromised

You can verify whether your account was affected by clicking HERE https://isleaked.com/en.php and entering your gmail address. It’s that simple. You can also enable Google’s 2-step verification by following the company’s easy steps.

UPDATE 3:01 PM Google issued the following statement to Fusion:

“The security of our users’ information is a top priority for us. We have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users secure their accounts.”

Link to comment
Share on other sites
Kea

Kea

Posted
Posted

Other articles I checked (CBS, NBC & Slate were the ones that came up first) said that Google tested the leaked passwords & only about 2% of the passwords were correct.  Google has already flagged those accounts and forces those users to change their passwords.

 

I have to admit I'm a bit leery of clicking on the link in that article to see if my account is one of the ones hacked.  Who knows what that website will do with my username?  Even if it doesn't ask for a password, it still learns a valid e-mail address and may send out their own spam.  Just call me paranoid.

Link to comment
Share on other sites
Jack from Ohio

Jack from Ohio

Posted
Posted

Your internet provider established an e-mail address when your internet was installed. It will be [email protected], or [email protected]. You do not have to log onto a website to access you e-mail, and the e-mail servers are the same servers that provide your internet.

gmail, Hotmail, aol, yahoo, live and all the others, have their own servers and you must access them from the internet.

Those are the ones the hackers go for first.

  • Like 1
Link to comment
Share on other sites
Margaret CPA in OH

Margaret CPA in OH

Posted
Posted

Well, I don't access gmail or Livemail from the internet.  All my email, including from my own websites and personal domain, is downloaded into my email client on my desktop and onto my smartphone.  Maybe I misunderstand the term, 'must access them from the internet.'

 

Just in case, I changed my gmail password, too.  It was about time anyway.

Link to comment
Share on other sites
Kea

Kea

Posted
Posted

I do not usually access my GMail or work e-mail accounts from the web browser, but download everything to my computer through Thunderbird.  But both these accounts have web portals that still keep my trash, spam & sent messages.  I do go in periodically and delete them from there as well.

 

I have also used emails from my service providers (Roadrunner, AT&T and various others).  Those also gave me access through their web portal.  So I presume there are also mail histories on those websites that hackers could go after.  The main reason I don't use those accounts as my primary e-mails is because I don't want to change e-mail accounts every time I change service providers.  I used to do that and then the service provider I was using decided to give us 2 month notice that they were getting out of the ISP business.  That was a real pain because all my current and past clients had my e-mail address, but I didn't necessarily have theirs. 

 

I do agree that GMail and the others mentioned are big targets.  The web access is part of it.  But the other part is that they have a very large base of users.  I would imagine Roadrunner (particularly in large cities since they use city / region specific domain names), AT&T, Comcast, etc. get targeted as well. 

Link to comment
Share on other sites
Lee B

Lee B

Posted
Posted

I have copied several paragraphs from the site, CBC News

 

 

"Not a security breach, says Google

The leak does not appear to have been the result of a Gmail security vulnerability, and not all of the leaked email addresses were Gmail addresses — although the bulk were.

 

"It's important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems," Google said in its blog post. "Often, these credentials are obtained through a combination of other sources. For instance, if you reuse the same username and password across websites, and one of those websites gets hacked, your credentials could be used to log into the others. Or attackers can use malware or phishing schemes to

capture login credentials."

Software specialist Troy Hunt tweeted that about 123,000 of the approximately 4.78 million leaked addresses were part of the Russian email service Yandex. Addresses from the Russian-based service Mail.ru also appeared on the list."

 

I got the definite impression that the gmail addresses and passwords were all obtained from other websites

where users used their gmail account and gmail password as  the user name and password  for other websites,

something that I never do.

Link to comment
Share on other sites
Jack from Ohio

Jack from Ohio

Posted
Posted

Yes, and if you use your cable provider's email, then change cable companies, that email source is lost to you.

Not necessarily. Most will, for a small monthly fee, keep your e-mail address active till you make the transition. If you are considering changing, do the transition first.

I also have my own domain name and personal e-mail server that I use. If I change domain hosts, my e-mail stays the same. No one should have only one e-mail provider for this very reason.

[email protected] I have up to 25 different e-mails I can setup and use.

  • Like 2
Link to comment
Share on other sites
Eric

Eric

Posted
Posted

cbslee: You are correct.  Google wasn't hacked, these passwords were collected as a result of people's own carelessness--victims of phishing or malware.

 

If you use a web mail service that supports 2 factor authentication, you should definitely enable that feature if you can endure the short term inconvenience of setting it up.

 

It's a bit of a pain because you have to put in a secret code and authenticate every device/computer you check the email from (usually a one-time thing per device) either by getting a text message or an automated voice message to your phone, but it's a HUGE improvement over simple username/password authentication. 

 

https://support.google.com/accounts/answer/180744?hl=en

 

Even if you get malware or fall for a phishing scheme and someone gets your password, they still can't get into your account without having access to your phone too.

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...