Hackers appear to have dumped nearly 5 million Gmail usernames and passwords to a Russian bitcoin forum. Word first spread of the still-unconfirmed hack when a user posted a link to the log-in credentials in a security-centric corner of Reddit frequented by hackers, professional and aspiring.
The database (which International Business Times will not link to) contains 4.93 million Google accounts belonging to English-, Russian- and Spanish-speaking users. Posts on the Russian-language bitcoin security forum asserted that more than 60 percent of the identities in question were still in use and could be accessed immediately, reported RIA Novosti, a Russian media outlet.
Google Inc. (NASDAQ:GOOGL) users concerned that their own identity might be listed among the stolen usernames are advised to avoid typing their username and password into any website that claims to check if that name has been compromised. Cybercriminals frequently use this kind of method, known as a “honeypot,” to steal even more identities. A number of sites have already appeared to distribute phishing messages under the guise of offering help.
Users can rest easier, though, if they simply change their password and turn on two-factor authentication, a minor extra log-in step that security experts have long advised users to employ to protect themselves. Google Russia is investigating the leak, according to Russia Today.
Update: A Google spokesperson has confirmed what many security experts had already suggested, that many of the passwords in question were likely taken from a website other than Google.
“The security of our users’ information is a top priority for us,” the company told The Next Web. “We have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users secure their accounts.”
The identity of the perpetrators has yet to be determined, although observers won’t be surprised that the breach first surfaced on a Russian-language forum. Hackers from Russia and Eastern Europe have been suspected in a number of recent high-profile security lapses, including the Target (NYSE:TGT) theft that turned up tens of millions of customers’ identities.
While many of the “hacked” Google identities may in fact be the result of old hacks — specifically from outdated accounts on sites like Friendster and eHarmony — as well as phishing efforts, this update comes just days after 4.6 million Mail.ru accounts and 1.25 million Yandex email inboxes were illegally accessed. That information was uploaded to the same Russian bitcoin forum.