Ponting Posted September 10, 2014

A massive database of usernames and passwords was leaked online yesterday on a Russian forum. The trove of data contains details belonging to nearly 5 million Google users and gives access to Gmail, Drive and basically everything that means a Google Account.

The passwords that were listed on the forum were in plain text, which means that the encryption had been broken, making it easy for anyone to take over an individual’s account.

The passwords have since been deleted by the forum admins, but the data is still out there somewhere. If you want to see if your account is in danger, you can visit the ileaked.com website, which went through the data and offers people the opportunity to search and see if their accounts are now vulnerable.

Changing your password

Regardless of whether the site returns a yes or no answer, you should probably take a look at your own account and make sure that the security around it is up to par.

First off, you should probably change your password. To do this, you should go to your Account and the Security tab.

Google has started to recommend that users pick pronounceable passwords to make them easier to remember, even though that may not always be the best solution security-wise. If you swap a few letters here and there, however, it should be quite ok.

You should also remember to use both capital and lower case letters, numbers and various dashes, hashtags and signs you can find on the keyboard. This will instantly increase the security level of your password and make your account that much safer.

As you go through the process of replacing your password, you’ll have to provide the current one and the new one as well. Google will ask for 8 characters and will tell you, as you type, if your password is strong enough.

You should also make sure that you don't use the same password for multiple accounts.

Two Step Verification

If you really want your account to be safe, you should enable two-step verification. Google takes things pretty seriously so your account should be quite safe. Unlike other services, Google will ask for this step to be taken every time you use a new computer, use a different IP, or it even detects if you’re much further away from where you usually log in from.

You can set it up to send verification codes to a phone number that you use. These can be sent via text message or you can get a voice call. Alternatively, you can use the Google Authenticator app which you can find in the app stores. It provides unique codes that are only available for a limited time period.

You can add some backup options for when your primary number is unavailable, such as the one of your significant other, or a friend you trust. There are also 10 backup codes that Google generates for you and that you could write down and use in case of emergency.

Beware of phishing attempts

It’s still unclear exactly how the hackers picked up the data that was leaked, but chances are very slim that the Google servers were hacked because inside Google’s servers data like passwords are encrypted, whilst the leaked information is in plain text.

This means that the passwords were most likely picked up during lengthy phishing campaigns. These are more often than not emails that appear to be genuine.

If you receive an email from Google telling you that you should change your password, you should not follow the link inside the message. The safest way to do this is to go to your Google account and change your password directly from the settings area any time this is needed. This applies not only to Google, of course, but to all online accounts.

Source: http://news.softpedia.com/news/It-s-Time-to-Change-Your-Google-Password-Enable-Two-Step-Authentication-458390.shtml
iih1 Posted September 10, 2014
I did this a few months ago, since my inbox messages were gone due to one of Google's affiliate vendors.
Sonar Posted September 10, 2014
2 step setup and password changed just in case my gmail was grabbed. Thanks for the info :)
SPECTRUM Posted September 10, 2014
Sorry but no, I don't want to have a Google account associated with a phone number, due to security and privacy reasons.
provision Posted September 10, 2014
My Google account was leaked. Password changed :)
alaindc Posted September 11, 2014
My account wasn't leaked...
jackieo Posted September 11, 2014
just another day on the ol interwebz
stylemessiah Posted September 11, 2014
I'm sure any hacker would love my inbox full of tech newsletters and emails about my volunteering.
Go ahead, read em....
Ponting Posted September 11, 2014

Google Responds to Gmail Password Dump

Only a small percentage of the roughly five million password and username combinations recently dumped online would have allowed someone to access Gmail accounts, according to Google. The statement comes after a massive collection of passwords was posted online to a Russian Bitcoin forum along with a list of Gmail addresses. The information was published by someone under the username 'Tvskit,' who claimed that approximately 60 percent of the credentials are legitimate and that the majority of accounts belong to English, Spanish and Russian speakers.

However, Google said that less than two percent of the email and password combos could actually be used to access Gmail accounts.

"One of the unfortunate realities of the Internet today is a phenomenon known in security circles as “credential dumps”—the posting of lists of usernames and passwords on the web," according to a post on Google's security blog. "We’re always monitoring for these dumps so we can respond quickly to protect our users."

"We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts," the blog continues. "We’ve protected the affected accounts and have required those users to reset their passwords."

There was no breach of Google's systems, the company stated. Most likely, the leaked usernames and passwords were obtained through a combination of other methods, according to Google.

"For instance, if you reuse the same username and password across websites, and one of those websites gets hacked, your credentials could be used to log into the others," the company noted. "Or attackers can use malware or phishing schemes to capture login credentials."

Security specialist Peter Krause of the CSIS Security in Denmark tweeted that the credentials likely originated from a multitude of sources, and some were more than three years old.

"This week is definitely a special one," said Dmitry Bestuzhev, head of the global research and analysis team in Latin America at Kaspersky Lab. "On Monday somebody published supposedly leaked passwords from a Yandex email service, next day they did the same but with Mail.ru email service, publishing millions of leaked accounts. In both cases it was about accounts stolen via classic cybercrime schemes - phishing and malware attacks targeting the end point or the victims but not the provider itself. One important thing is that most of accounts are old.

"Today we’re seeing a new leak from Gmail," he continued. "It looks like this is a planned action. Once again it’s likely that all passwords were stolen via classic attacks against the endpoint. One thing people can do to increase their access security is to enable two-factor authentication. So if the password is stolen, the account is not compromised."

Source: http://malwaretips.com/threads/google-responds-to-gmail-password-dump.33243/
windowsvistas Posted September 11, 2014
It's good to have 2 step verification, it may take a few minutes but it's worth it B)
Holmes Posted September 14, 2014
> I'm sure any hacker would love my inbox full of tech newsletters and emails about my volunteering.
> Go ahead, read em....

If your Gmail address got leaked, chances are a hacker can access it, change the password and hijack your Gmail account. You're like those people that say "I don't need an antivirus, there is nothing on my computer they want". That doesn't matter. How much is your time worth to you? You get infected, and the infection is very serious, and you don't know what you're doing, you have to reformat and reinstall Windows, and that alone takes an hour (if your computer isn't built to contemporary standards). Sorry, people don't care about wasting their time on matters like this. How about you become the black hat's bitch? Same shit: you do that and go through all that work, you're on their timetable.
This topic is now archived and is closed to further replies.