Nearly 4.93 million of Gmail users ' accounts and passwords were posted to the Russian bitcoin forum in Tuesday, according to foreign media reports. The bitcoin forum users who posted these account passwords said that about 60% of these were valid. But Google doesn't think Gmail has any security flaws.
A spokesman for Google said there was no evidence that Google's system had been compromised. Google will take appropriate steps to protect any account that may have been exposed to security threats. At the same time, Google recommends users to enable two-step verification, and give advice "whether you are on the list, replace your password, just in case." ”
The Forum administrator then cleans up the text content in these accounts, leaving only key information such as the user's name. The responsible person said that 60% of the accounts are valid. Also, the results of text analysis show that the text in the leaked accounts is in English, Spanish and Russian in many languages. For domestic users, if you often send English mail, you may also be in this. However, the analysis also shows that many accounts have a long life span, not related to other Google services, or have changed passwords, and even many have expired.
Want to check whether your account is in the leaked list, you can login to the relevant website, enter your own email account can be. To be on the safe side, whether you're on this list or not, change your password. Google also gives a "two-step verification" approach to enhance the security of Gmail accounts.
Overall, Google is still working harder on information security. Over the past three years, Google has invested $2 million to reward researchers who have discovered a variety of security vulnerabilities and have successfully repaired more than 2000 bugs. And Google will reward those who find problems and provide patches in open source software.
Russian Science and technology blog HABRAHABR that the leaked Gmail mailbox and password is likely to be obtained through phishing scams, there are some because the password is weak, or there are other common problems, but not from the Google server was compromised. Earlier this week, Yandex and Mail.ru's two Russian internet companies ' e-mail addresses and their passwords were also compromised.
A user can pass a leaked called "is my email?" "https://isleaked.com/results/en website to find out if your Gmail, Yandex or Mail.ru account has been stolen. The site itself is secure, and if the user is still concerned, you can also use the asterisk to hide part of the information, so that fuzzy query.
On September 10, Troy Hunter Troy Hunt, an Australian researcher, said he would soon add these mailboxes to his own https://haveibeenpwned.com website. The site summarizes a large number of accounts with passwords stolen.
Because Gmail has more than 500 million users, the affected users are not more than 1%, even if they are based on a 5 million figure. Step back, even if you're among the 5 million affected users, don't worry too much. Many of the passwords listed on the list have expired because some of the data dates back to 3 years ago. However, security personnel also recommend that users change their passwords and enable two-step verification mode to enhance account security.
4.93 million Gmail user's account password has been leaked, suspected from other site database extracted from