So the stories going around this morning is that supposedly, gmail has been hacked and nearly 5 million passwords have been lifted and published online. If you go onto facebook, it's being churned out so much it's trending. It seems the talk of the web at the moment. Many are claiming gmail was outright hacked, user names and passwords stolen, and there has been a database of the list for users to check to see if their email is now compromised.

Now, that's what everyone is saying. The thing is, gmail was in fact, not hacked. The database going around is a compiled list of email address from gmail that have been compromised on other websites. So if you used your gmail account on some shady website that turns out to be a phishing scam, then they just assume that you also use the same password for your linked email account. The list also has passwords used for accounts from other websites that have been hacked in the past and again, they just assume it's the same password for your email. It turns out, it's also pretty outdated as well, with some people claiming the database giving them passwords they haven't used for any website in almost a decade.

As a PSA, and I am sure for many MANY users here, this is just common sense, but in the wake of this, it just feels right to say. DO NOT reuse passwords online! I personally have a handful of passwords for all my main sites, then have a small notebook with random passwords I use for non-impotent stuff that I could careless if it gets compromised. Also, it might be a good time, just to be on the safe side, to change your gmail account password if you haven't done so in a while.

10 years ago*

Comment has been collapsed.

Thanks for the heads up and the advice, im glad that i dont use gmail, but damn, feelbad for those users

10 years ago
Permalink

Comment has been collapsed.

Thanks for the PSA!

10 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 2 years ago.

10 years ago
Permalink

Comment has been collapsed.

  1. Tell everyone that accounts was leaked (and use old leaked database)

  2. Make website with "Check if leaked" form

  3. Gather real accounts through it

  4. ???

  5. Sell database for billions

10 years ago
Permalink

Comment has been collapsed.

Well, I checked one of my older gmail accounts and it was actually on the site. Funny thing was, it used a password I had changed about 4 times since original use. I also checked another secondary account through gmail I use for forums and it was not on the database. Also, just for giggles, I tried using a hotmail account and it bounced right back. I would think if it was collecting email addresses in general, it would accept any email address.

10 years ago
Permalink

Comment has been collapsed.

:D

10 years ago
Permalink

Comment has been collapsed.

I checked my email directly via the leaked txt file. So no risk for me. :)

10 years ago
Permalink

Comment has been collapsed.

This.

10 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 2 years ago.

10 years ago
Permalink

Comment has been collapsed.

you can download it from Pirate Bay. Not sure if I may link to piratebay on SG so just search for it ;p

10 years ago
Permalink

Comment has been collapsed.

LINK (it's ~25mb)

10 years ago
Permalink

Comment has been collapsed.

Wow because you can do so much damage if you have only an e-mail of someone.

10 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 5 years ago.

10 years ago
Permalink

Comment has been collapsed.

lol gmail too, heard already 2 of this stories.

At least it says: "Thankfully your email address was not found." but I will change password just in case.

10 years ago
Permalink

Comment has been collapsed.

oh damn, i have gmail as main email...

10 years ago
Permalink

Comment has been collapsed.

It's not advised to use those websites to check wether your email is one of those that was leaked. Download the text file instead and just do a search to see if your email is in there.

10 years ago
Permalink

Comment has been collapsed.

Just use two-step verification and you'll be fine even with leaked password.

10 years ago
Permalink

Comment has been collapsed.

That's exactly what I'm thinking as well. This verification might be an extra loop to jump through, but having this bit of extra security feels good.

10 years ago
Permalink

Comment has been collapsed.

I recommend that you will not check was your password leaked on that site, they're not trustworthy

10 years ago
Permalink

Comment has been collapsed.

I tried to search if billgates [at] gmail.com is leaked, and it is :)

10 years ago
Permalink

Comment has been collapsed.

That's not the real Bill Gates anyway.

10 years ago
Permalink

Comment has been collapsed.

Like I didn't know?

10 years ago
Permalink

Comment has been collapsed.

and it's not even iphone now it's google what's next blAckberry

10 years ago
Permalink

Comment has been collapsed.

There was already a story about Apple iCloud hacked, after Yandex and mail.ru biggest Russian email passwords leaked, now Google, lol.

10 years ago
Permalink

Comment has been collapsed.

how many times it takes to get it checked

10 years ago
Permalink

Comment has been collapsed.

What are they gonna' do with my email and password if they don't have my phone? 2-step verification ftw

10 years ago
Permalink

Comment has been collapsed.

+1

10 years ago
Permalink

Comment has been collapsed.

This list was created probably not via some gmail leak but gathered from outside sources. One of my older email accounts is in it BUT with password that was never used on this mail or on any other of my mails. A generic [word][number] pass I use for some shitty forums etc - generally places that I'm no worried about any data leak. So it info was prolly gathered in multiple not-very well protected places where user register using email and just sorted for gmail adresses.

10 years ago
Permalink

Comment has been collapsed.

this is where google earn profits, selling our data...it's not a new.and i don't trust this hacker excuse

10 years ago
Permalink

Comment has been collapsed.

this site to check has no "about" or whatever it has to have
so it proly that everbody "checking" just giving mail adress to some spam database
have fun getting mails about dates and online pharmacy

10 years ago
Permalink

Comment has been collapsed.

to be on the safe side change your passwords, but if you usually do that somewhat regularly dont bother, i checked the suposed leaked password on my email, and it was bogus and i know FOR SURE that i never used that password, not even anywhere outside!

10 years ago
Permalink

Comment has been collapsed.

Iam use words "*@gmail" only in login on sites seller bundles. And checking on isleaked.com give me 2 first symbols on current password, so be careful.

Update: Forgot to say current password from bundle site, not from gmail account.

10 years ago
Permalink

Comment has been collapsed.

Sign in through Steam to add a comment.