Nearly five million usernames and passwords associated with Google Gmail accounts were hacked and leaked Tuesday on a Russian Bitcoin security forum.
According to a Tweet from Peter Kruse, a Danish cybersecurity expert, the data likely originated from a number of data breaches, not just one. Most of the passwords were more than three years old, he added.
Even though the information appears to be outdated, security experts recommend that people regularly update their passwords in the event of such breaches. They also suggest that Gmail users take advantage of the two-factor authentication system, which offers an added layer of security.
Google: ‘No Evidence of Compromise’
Gmail and other Google services have been the target of numerous hacking attacks in recent weeks and months. We reached out to Google to learn more about this latest incident.
“The security of our users' information is a top priority for us,” a Google spokesperson said. “We have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users secure their accounts.”
Other recent high-profile hacking incidents include a malware attack on Salesforce.com users, a security breach on JPMorganChase's computer systems, the publication of nude photos stolen from a number of celebrities' iCloud accounts, and payments-related security breaches at Home Depot, Goodwill and Target.
In the wake of Tuesday's leak, many news sites recommended that Gmail users check IsLeaked.com to see whether their personal information was among the data that had been stolen. By midday Wednesday, the IsLeaked.com Web site was unavailable, presumably overloaded with visitors attempting to check their account information.
Like other tech companies, Google must play a non-stop game of cat-and-mouse to stay ahead of spam, hacks and other security breaches. After rolling out support for non-Latin characters in Gmail last month, for example, Google announced it would begin rejecting emails with combinations of letters determined to be suspicious under the Unicode Consortium's "Highly Restricted" specifications.
According to Google insiders, there are no indications that Google's internal systems were broken into or otherwise illicitly accessed in this latest data leak. Instead, such breaches could be the result of someone stealing usernames and passwords from malware-infected computers. That would explain why the list published Tuesday appears to have been pulled together from a number of older lists that had been assembled over time.
Posted: 2015-10-27 @ 7:06am PT
It's crazy how easy it is to compromise data systems these days.
Posted: 2015-01-19 @ 3:01am PT
Hackers stole all of my gmail contacts. I changed my password, but these hackers will not stop harassing my family members with junk mail, it says "from Lindsay" in subject line, but it is not from my email address. So there is nothing in my "outbox" even when logging into gmail from my computer.
Posted: 2015-01-09 @ 2:58pm PT
Same thing happened with me. This is crazy.
Posted: 2015-01-09 @ 2:15pm PT
The problem here is when downloading Google, they get all access to your smartphone device. For a hacker, they love this because now all they have to do is hack your g-mail which is easy and once inside, they can do whatever they like with your information, sent box, outbox, spam, contact info and Google search engine. Not to mention, they also have your telephone number because it is also in your account. Scary right? Watch the news the last two months. They have been doing this more. Any phone that has iCloud or anything that Google backs up for your photos will get stolen.
Posted: 2015-01-09 @ 1:30pm PT
Yes, there were a lot of Tgirls sites in my Google search engine. Also notice how I said there were -- new account. Yes, John, that was most helpful.
Posted: 2015-01-09 @ 12:52pm PT
I checked my Gmail and there are sites I have never been on and messages I have never sent. OMG. There are site searches on tranny and dating sites more then anything. LOL. I'm a girl so that is funny.
Posted: 2015-01-09 @ 12:03pm PT
This is a response to slim's question and others like it. I am a computer forensic specialist. I am working for a company that I'm not entitled to share the name of. So let me jump right to it. So let's remember these hackers are very skilled at what they do and believe me they are very good. They're always changing up the routine they use to target your bank account.
But now they have been doing something different. So the banks are working with us to apprehend these hackers. Remember they are good. And this will not show up on your devices because they are going through your Gmail account to do this. If you look at your account and look at sent mail and notice a message that you did not send, then your Gmail has been compromised.
Go through the proper procedures to get this fixed. Look for the most familiar site or CL [chain letter] or BackPage [web advertising site] that they are more than likely targeting with a bait picture. It may look like they are working for dating sites and the reason why is to lure people and scam them out of bank account info. Since the banks have been working with us, it has been much harder for them to get this info. So good luck. Hope this answers your question.
Posted: 2015-01-09 @ 9:07am PT
The same thing happen to me they sent mail from my gmail account to other people and had dating accounts set up as me to but it never showed up in my devices.
Posted: 2015-01-09 @ 6:40am PT
My gmail account had recently been hacked. They stole photos and have sent messages from my email to other people posing as me, they also had me signed up for dating sites I never signed up for, and had visited sites in my google search engine that I never had visited. Does anyone know their objective? Why would they steall my identity? Seems like when it comes to these hackers, they have no limit.
Posted: 2014-09-23 @ 6:46am PT
@majid: Top priority is to contact your bank to report it, if you haven't already; and of course report it to Google as well.
Posted: 2014-09-23 @ 3:50am PT
I was hacked through my gmail account and the hacker transferred money from my account to Poland. What should I do? It happened Aug 27.
Posted: 2014-09-22 @ 12:18am PT
Friday night someone hack my gmail id. All my account contacts, emails -- everything got deleted. It is my personal data.
Posted: 2014-09-21 @ 9:36pm PT
Considering Google's own breach of privacy practices and NSA spying, this kind of thing just seems ironic nowadays.
Posted: 2014-09-21 @ 7:15pm PT
We have no protection, thanks. Technology is good then sometimes it really sucks in the wrong hands.
Posted: 2014-09-20 @ 8:57pm PT
Well my gmail probably has been stolen because now I can't even open my gmail page anymore and ever since I started using gmail on my mobile, all my devices at home have slowed down.
Posted: 2014-09-19 @ 8:05pm PT
My Gmail account has been compromised last night. All my account contacts, emails everything got deleted. After contacting Gmail support through different forums, they restored everything back. But everything got stolen from my account.
Posted: 2014-09-19 @ 2:00pm PT
Aren't gmail passwords stored as hashes?
Posted: 2014-09-19 @ 12:59am PT
Can't believe our security is compromised like this. Google must ensure that it doesn't encounter such breaches.
Posted: 2014-09-16 @ 9:23pm PT
@M.B.: You're right that hackers will always hack into anything they can, and everyone needs to be careful to keep an eye on their accounts and change their passwords every so often. But at the same time, the hackers need to be stopped. We shouldn't have to assume that our accounts are going to be hacked, just like we shouldn't have to worry that our homes will be robbed when we're away. And yet, the sad reality is that we all have to be vigilant at all times so we don't fall victim.
Posted: 2014-09-16 @ 8:07pm PT
Whoever the hackers are, they are always going to hack anything they can. Isn't it our responsibility to keep an eye on our own accounts and change the password every so often!
Posted: 2014-09-14 @ 5:53pm PT
I can't open my gmails and the google bar :(
Posted: 2014-09-12 @ 5:47am PT
@Dave. Do you want to identify the site which WAS the source if your username/password combination leak?
White K. Sue:
Posted: 2014-09-10 @ 4:36pm PT
I suggest everyone be careful, this "isleaked.com" is controversial, because its security has not been fully verified, and it is possible the malicious guys are using this webpage to collect your email addresses, please don't try that without caution.
Posted: 2014-09-10 @ 12:57pm PT
I would be skeptical of Google saying it didn't get hacked. It has happened before and will happen again.
Posted: 2014-09-10 @ 12:12pm PT
I think gmail users need to control their own accounts and not be so lazy so that others control their accounts.
Posted: 2014-09-10 @ 12:09pm PT
@Fred: Yes, it might be more accurate to say the accounts and passwords were stolen, rather than hacked, in this case. Although Google insiders are reportedly saying, "there are no indications that Google's internal systems were broken into or otherwise illicitly accessed in this latest data leak," it is still possible that a hacker broke in and either (a) the intrusion hasn't yet been identified, or (b) Google is not reporting details of what they found. Or, as suggested, it could be that they info was accessed and stolen in some other way.
Posted: 2014-09-10 @ 11:53am PT
This has been misinterpreted as a Google account breach, but the password that was listed for my Google account is one I have never used for my Google account, although it is one I used for a different (non-google) service, and for which my user name was my gmail email address. So, solid evidence that they have passwords, but they are not gmail passwords, just passwords associated with user names that are gmail addresses.
Posted: 2014-09-10 @ 11:52am PT
It says, "Google Gmail accounts were hacked" and then "According to Google insiders, there are no indications that Google's internal systems were broken into or otherwise illicitly accessed in this latest data leak. Instead, such breaches are often the result of someone stealing usernames and passwords from malware-infected computers."
So why does it say the accounts were hacked? I would think a tech site would know what "hacked" means. But I guess the article was written by a hack!