Following the recent leak of nearly 5 million Gmail username and password combinations, a story Freedom Hacker broke minutes after the incident, Google quickly responded, assuring users that security was Gmail's top priority.
Wednesday morning, a post went up on BitCoin Security with a list of an alleged 5 million Gmail addresses that had been compromised and leaked online. The leaked file had the passwords removed and only allowed users to see whether their email account was on the list. The file containing the passwords was reportedly passed around the Internet, and a number of people claimed to have access to it.
Previously, one source had claimed that the database was nearly sixty percent accurate, meaning over half of the database credentials were valid and the accounts could be easily hijacked. Google has since disproved that theory.
In a statement, Google said it found less than 2% of the leaked username and password combinations to be valid and working. For added security, Google notified the affected customers and touted that its “automated anti-hijacking systems” would have thwarted the hackers regardless.
It is still unclear who was behind the dump of nearly five million emails on Wednesday morning or how the email combinations were obtained. Many users speculate that a number of websites' databases were hacked and that attackers found many of the compromised website logins corresponded with other online account information.
Google even noted that it is a high-priority target for phishing email scams and malicious attacks in general, but that it does its best to thwart the attacks. Google also recommended never using the same password across multiple sites. The reasoning is that if a website gets compromised, attackers will commonly have access to emails, usernames, passwords and other sensitive information. If the compromised password is used across a number of websites and corresponds with the email address, attackers can continuously target email, banking, and other high-profile websites with the same compromised credentials and possibly gain access to users' accounts.
While it may be hard to continuously remember passwords, users should also enable two-factor authentication. That way, if an attacker did gain access via password, they would not have access to the one-time passcodes Google provides to your phone via text message or phone call. Google recommends enabling two-factor authentication to prevent future attacks and for added security.
Regardless of Google's statements, it is still highly recommended that users change their Gmail passwords and enable two-factor authentication. Google was fast to respond to the leak and take proactive measures to ensure the security of its users, but where the leak came from and who leaked the information remain unknown.
This may be true, but Google’s not known for transparency. They say there’s “no evidence” that Gmail was compromised, which is a pretty weaselly statement. It says, “we don’t know, nor do we not know.” So it lets Google do an about-face at any time. It’s not that Google is hiding anything, but who knows with that company? They’ve come a long way from “Don’t be evil”…