The DailyDot has just reported that an alleged list of almost 5 million Gmail addresses and passwords was shared on a Russian Bitcoin forum. After numerous reports and updates, here is what you need to know and how to quickly find out whether your account may have been part of the compromised list.
The list was taken down, but the damage has been done, as many malicious groups had enough time to get their hands on it. KnowEm has put out a trusty tool that uses a copy of the list, without publicly sharing any of its info, to verify whether your email may have been compromised. Simply enter your Gmail address into the tool and it will tell you whether you should update your password. But this is only the first step toward better securing your account. You must also make sure to use a strong password, and Google strongly recommends upgrading to 2-Step Authentication for more dependable security.
Google has reported that there is no evidence to suggest any recent breach has occurred, and we now know that many of those emails were very old, as much as 10 years back, and included closed or deleted accounts or obsolete passwords. It seems the list was a compiled collection of very old to more recent leaked passwords that may have been acquired through various phishing scams or malware, but since it contained nearly 5 million entries, chances are many of them are still valid.
Other claims suggest that these passwords were not actually for the Gmail accounts, but instead matched user accounts leaked from multiple websites. This is possible: many people are known to share the same password across multiple accounts, and others exploit this weakness when trying to crack your other accounts, such as email. Right now there are no firm answers, but it is best to use strong and different passwords for all your important accounts in order to remain safe from these practices.
We would like to mention a final remarkable detail that users have spotted. A tool similar to the KnowEm Gmail checker, called IsLeaked.com, was available, but users grew suspicious of the unknown service and of the fact that its domain had been registered only 2 days before the Gmail leak went public, raising suspicion of a possible link between the two. We highly suggest that you ONLY use the tool we linked to at the top of the article. Stay safe by using strong, different passwords and possibly a password manager service to help you along the way.