Saturday, September 13, 2014

5M Gmail Accounts Publicly Released, But ...

After a couple of celebrity photos were stolen from various hacked iCloud accounts and posted online, it became obvious that online security needs to be beefed up. Now that another hacker claims to have obtained nearly 5 million Gmail addresses and corresponding passwords and has made them all public, the need to upgrade security has become urgent.

There is one flicker of good news, though. Even if a Gmail address is on the list, the password listed with it may be too old to merit much concern.

The Russian tech blog Habrahabr theorizes that the leaked Gmail addresses and passwords were most likely compiled through phishing scams, use of weak passwords and other common compromises, not as a result of a hacked Google server. Similar databases of email addresses and passwords from Yandex and Mail.ru, two popular Russian-language services, were made public earlier, in early September 2014.

Anyone who wishes to check the status of their Gmail, Yandex, or Mail.ru account can use a site called “Is my email leaked?” The site itself is safe, and those who are concerned can even enter a shortened version of their email address, with asterisks in place of some characters.

On 10 September 2014, Australian security researcher Troy Hunt tweeted that he’d soon be adding the Gmail addresses to his own haveibeenpwned.com compromised-email checking website, which aggregates the results of large password dumps.

Based on an informal poll of the Tom’s Guide New York office, not that many people seem to be affected by this data dump. This makes sense when you consider that Gmail has more than 500 million users and the password breach affects fewer than 1 percent of them.

Many of the passwords on the list are outdated, tweeted Peter Kruse of Danish security firm CSIS, some by as long as three years. If one changes their password on even a semi-regular basis (as Gmail recommends), cybercriminals most likely have no way to access those accounts or personal information.

If an account has been compromised (or even if it hasn’t, and the user wants to be safe), they can change their Gmail password to something totally different, and consider adding two-step verification to their account. Otherwise, they just have to remember that password breaches are relatively common but also tend to get overblown in mainstream-media coverage.
