Home > 5 million gmail passwords leaked today. Here are 4 actions you need to take.

5 million gmail passwords leaked today. Here are 4 actions you need to take.

Posted on September 10, 2014 by

Apparently millions of Gmail password were leaked today.

According to the International Business Times, over 5 million Gmail usernames and passwords were purportedly leaked this morning. Most of the leaked accounts are active but the leak was mainly endemic to Russian users. Google is currently investigating the veracity of the claims.

The fiasco started when someone by the name of mstrokin posted a link on Reddit to a Bitcoin Security forum (which appears to be offline at the moment) which published a database containing about 4.93 million Google accounts.

In light of the news (even if it’s just a rumor) there are at least four actions you need to take to secure your account:

Scan the leaked database for your account
Change your Gmail password
Check your Google Account activity
Sign out all other sessions

1. Scan the database for your account

The 100MB text file (36.3 MB compressed) is colossal and therefore takes a while to open. After double-clicking google_5000000.txt it took me 8 solid minutes before Notepad became responsive again.

Once the file loads press Ctrl + f and enter your Google account to see if its in the list.

I’ve noticed a preponderance of “is my account leaked?” websites popping up in light of the news but I question their authenticity. How do I know these sites aren’t collecting my Gmail account for some illicit purpose? This is part of the reason why I suggest downloading the text file and searching for your email address.

Note: the text file doesn’t list passwords or hashes just gmail accounts that were allegedly hacked.

Regardless of whether or not your account is on the list, I still think it’s prudent to change your Gmail password.

2. Change your Gmail password

Remember your Gmail password is the key to not only Gmail but also all Google properties. So if someone stole your Gmail password he or she would have access to your Google Drive and Google+ accounts too.

To change your Google password, go to your Google Security dashboard and click the Change Password link in the left pane.

After entering your old password, create a new strong password. This simple action annuls your old password and keeps the bad guys out.

I would also suggest enabling two-factor authentication. I’ve been using it for months and love the extra peace of mind. Two-factor authentication means even if you gave someone your Google password they still couldn’t access it without your cell phone.

In other words, you need two things for access: your password and something you have such as a cell phone. You should read more about two factor authentication on Google’s website.

3. Check your Google account activity

There is more as a sanity check than anything else but it’s good to know.

Open your Google account activity and pay attention to the activity list in the left pane.

There should be no surprises here.

The account history shows not only the date your account was accessed but also:

Whether it was from a PC or mobile phone and
The approximate location based on the IP address.

4. Sign out superfluous sessions

The last thing you should do is sign out all Google sessions. If you forgot to signout of Gmail from another computer such as a PC in the library, hotel lobby, or airport lounge, you can kill those sessions with a single click.

Go to your Gmail account and in the bottom right corner of the browser click the little link called Details. You might have to scroll all the way down to see it.

Scroll through the list for a few moments to observe your recent activity and then click Sign out all other sessions to kill any extant connections to your Google account.

The Bottom Line

Given the news orbiting the Gmail breach I think the intelligent thing to do is four fold:

Scan the leaked database for your account. Then, even if your account isn’t in the list, you should change your password, look at your Google activity and nuke any open sessions to your account.

I hope this helps you stay safe. Oh and as always, feel free to share your thoughts in the comments below.

Update! 09/12/14

I’ve just learned that Google responded to the leak with a post on the same day. You should read its official response here: http://googleonlinesecurity.blogspot.com.es/2014/09/cleaning-up-after-password-dumps.html

About vonnie

Connect with Vonnie on Twitter

Posted in News Tagged with: Google, Hacked, Privacy, Security

Brian Agatonovic

2 factor auth is good advice as well. I tried to say this before and my comment got removed. Not sure why, but here goes again.

https://www.google.com/landing/2step/
- Vonnie Hudson
  
  Thanks Brian. Yes, I’ve been using two-factor authentication with gmail for months now and I love it.
- kill liars
  
  Your solution to google security sieve is to recommend another google property?
  
  Demand adoption of Xmpp Texting as sink of code component.
  - Brian Agatonovic
    
    No you’re right. Everyone should learn sendmail or postfix, and run their own dns server as well.
Alex

Millions of GMAIL passwords have been leaked. Yours could be one of them. So, I have posted a completed DUMP of passowrd on http://crackomania.blogspot.com/. You can download ZIP files from here.
Shawn

I used http://www.gmailleak.com to make sure that my account is safe. two factor authentication form now on!
Ronnie Williams

try to check using this tool(looks fine to me): http://www.askingeasy.com/check-if-my-email-is-leaked
- Sam Castler
  
  Ronnie Williams, my son once did http://generatoronline.net/password/ site to create strong passwords.. Try it, maybe today it will be a useful thing.
Pingback: Does your Gmail password show up in this leaked list? | Tabarak Siyal()
kill liars

stop using google properties

the COST of their “free” services are too high
Pingback: The worse passwords of 2014 - fixedByVonnie()
Charlie

To check if your gmail account is leaked, can go to http://www.leakaccount.com .
Ali Çağlar

http://www.good-message.com
Scott thomas

I will advice you to inbox hackersusan78@gmail. Com for more information
Nadia Nad

Buy or sell Bitcoin, Ethereum, Litecoin, Tether, XRP and other cryptocurrency for UAH and USD. Choose a bitcoin wallet and check a bitcoin wallet balance. Profitable cryptocurrency rate for all clients. https://coin24.com.ua/ https://coin24.com.ua/bitcoin-koshelek https://coin24.com.ua/kurs-bitcoina https://coin24.com.ua/obmenyat-kupit-kriptovalyutu https://coin24.com.ua/obmen-kriptovalut
- Cooper Melisssa
  
  Like many other cryptocurrency exchanges, btcbit-net provides the ability to exchange cryptocurrencies between various blockchain assets and fiat currencies. In addition, btcbit-net https://scanbit.com.ua/ru/exchangers/btcbit-net/ also provides services to buy and sell cryptocurrencies for bank transfers, Visa/Mastercard and many other payment methods.However, I cannot give a specific assessment of btcbit-net as I do not have the ability to audit their platform and do not have enough information about their reputation in the market. If you are planning to use btcbit-net to exchange cryptocurrencies, I recommend reading the reviews of other users and comparing trading conditions and fees with other crypto exchanges before making a decision. Also, to protect your funds, make sure that the platform provides sufficient security and data protection.

Terms of Use For FixedByVonnie