We’re back this week with the umpteenth episode of the theft of digital credentials online. In this case, a Russian forum has revealed that it has acquired the email addresses and passwords of some five million Gmail accounts and has shared them in an enormous text document. The latest indications are that the passwords do not belong to the Gmail accounts themselves, but are rather login details for third-party websites. But taking into account that many users have the same password for everything, it’s better to be safe than sorry.
The best way to check if yours is one of the many affected accounts is on a web service where you can type in your email address to see if it’s on the blacklist. Such is the level of cheekiness of these hackers that problems have also arisen with certain webpages that supposedly do the same check, as in the case of IsLeaked.com, and thus we recommend the aforementioned link from KnowEm for this purpose.
After the initial alarm was raised, Google released an official statement saying that its service has not in fact been attacked, although it confirms that around 2% of the combinations have been used for illicit access attempts that were apparently foiled by Gmail’s own layers of security. As already mentioned, though, this doesn’t mean that the password couldn’t be used to log into an account on a different site, since certain users have the same password on every site they register on.
As usual, what we recommend in these cases is a healthy dose of common sense: it’s more than advisable to diversify your online activity across several email accounts, with one of them reserved for storing and registering “top-level” services, and others for use on less trustworthy sites or ones you use only casually. You should obviously use different passwords for each and in all cases change them periodically. If need be, get a refresher with our post on healthy habits for creating strong passwords.