A database containing nearly million login and passwords for Google accounts has been leaked online on a Russian cyber security internet forum.
A database containing 5 million alleged Google login and password has been leaked online on a Russian cyber security internet forum. The news was spread by online media agencies, including RT.com. The huge archive is in text file format and includes credentials for alleged compromised Google accounts, the database was published on Tuesday on the Bitcoin Security board, but in time I’m writing is is no more accessible. The list is mainly composed of accounts belonging to Google users that could be used by threat actors for the entire family of services offered by Google, from the Gmail mail service to the G+ social network.
According to RT the list includes 4.93 million entries, but for obvious reasons the forum administrators haven’t disclosed the passwords leaving only the logins in the purged list.
The figure is impressive and the repercussions under the security perspective are serious, the user on the forum with nickname “tvskit“ who published the file claimed that 60 percent of the passwords are valid.
“The forum user tvskit, who published the file, claimed that 60 percent of the passwords were valid, with some users confirming that they found their data in the base, reports CNews, a popular Russian IT news website.” reported the post from RT.com.
Google Russia immediately started the investigation of the alleged data breach, and announced that in any case it will encourage its users to adopt strong passwords and enable the two-factor authentication process implemented by the company for its services.
The disclosure process is similar to other data leaks for compromised accounts belonging the Russian web services, unfortunately data breaches are becoming events very frequent worldwide. A few days ago the Russian web services Mail. Ru and Yandex suffered announced the leaks of user account credentials of 4.66 and 1.26 million accounts respectively.
In the cases reported by Russian Internet Giants Mail.ru and Yandex, according to the experts, the majority of the accounts leaked were obsolete or no more active. The company confirmed that their databases were not compromised and claimed that the leaked data was collected over the time through other kind of attacks, like phishing attacks or malware based attack, against the end-users. A similar defense was recently sustained by Apple in the case of the leak of celebrities’ naked photos online, also in that case the company revealed that its iCloud architecture was not compromised and that the users were victim of other form of direct attacks.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.