5 Million Gmail Passwords Leaked, Google Says No Evidence Of Compromise

http://tech.slashdot.org/story/14/09/10/1646204/5-million-gmail-passwords-leaked-google-says-no-evidence-of-compromise

kierny writes
After first appearing on multiple Russian cybercrime boards, a list of 5 million Google account usernames — which of course double as email usernames — are circulating via file-sharing sites. Experts say the information most likely didn't result from a hack of any given site, including Google, but was rather amassed over time, likely via a number of hacks of smaller sites, as well as via malware infections. Numerous commenters who have found their email addresses included in the list of exposed credentials say the included password appears to date from at least three years ago, if not longer. That means anyone who's changed their Google/Gmail password in the last three years is likely safe from account takeover.

Extracted, it's over a 100 MB. I opened the text with WordPad, surprisingly fast, a search showed my gmail handle wasn't there. The download, and extraction (by WinRAR), was fast.

Am I the only one? (Score:5, Interesting)


by Russ1642 (1087959) on Wednesday September 10, 2014 @03:55PM (#47874875)

A total surprise to me that my email address was on the list, and they had the current password. I changed that immediately and activated 2-factor authentication. So the next question is how did they get it? It's a unique string of random crap so it had to be intercepted rather than brute forced either with a malicious android app or, more likely, I signed in on a compromized computer. Anyone have any ideas?

Ironically (I hope, ironically) babel17 is on the list of leaked passwords. I'm not sure, but IIRC I had to settle for something else when I registered for Gmail, several years ago. Either way, I don't use such an account. For the last several years, at least, I've had a different handle.