Gmail users are being advised to update their security details after a database containing both usernames and passwords was hacked and exposed on a Russian website.
Just under 5 million Gmail accounts were exposed on a Russian Bitcoin Forum by a user under the alias “tvskit”.
The user posted an archived file on the Bitcoin security forum btcsec.com, claiming that over 60 percent of usernames and credentials were valid.
The database mainly lists Russian accounts, however some English and Spanish-speaking members are reported to be on the list.
Though the forum manager has already removed the file containing 4,930,000 emails and passwords, the text file was in the public domain long enough to have been copied and read. The resulting leak has led to many Google account users changing their details abruptly.
It is still unclear how the btcsec user obtained the vast collection of usernames and passwords. Google have confirmed its servers were not breached, so a third party malware infected computer or database is the most likely suspect.
The list appears to house a collection of previously hacked passwords so it could simply be a collaboration of older data.
3rd Party Websites
Users concerned that their details may be listed on the text file are advised to not use third party website, which claim to check if accounts are compromised. This can be another elaborate gateway for cybercriminals to find working emails and initiate a cyber-attack
Password change and 2 Step verification
Google is warning affected users to take further steps to protect the security of their Gmail accounts.
The company recommend users should create a new password and consider using the additional two-step verification.
2-Step Verification adds an extra layer of security to a Google Account. The process works by having unique ID code sent to a separate device when your account is being accessed from an unknown source.
Whenever you sign in to Google you’ll enter your username and password as usual.
A code is then sent to your phone, unique to that login via call, text or app.
You’ll then be asked to enter the code on the original login.
Two step Verification drastically reduces the chances of having your personal information stolen from an account, as the hacker would need both username and password and the two devices. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.
No comments:
Post a Comment