Russian hackers have leaked the email IDs and passwords of around 4.93 million Google accounts. The list included mainly English, Spanish, and Russian accounts. The impact of this leak is said to be severe as Google allows its users to use one single ID and Passwords across all its web products like Gmail, Drive, Plus, YouTube, Maps etc.
The details have been posted to a Russian Bitcoin forum btcsec.com by a user named Tvskit on Tuesday. Tvskit claimed that some 60% of the passwords are still active. Google in a blog post, however, refused the claim and said that only 2% of the passwords were working.
Google said that it is not a result of any sort of security breach on its end. It said in a blog post “Often, these credentials are obtained through a combination of other sources. For e.g., if users reuse the same username and password across websites, and if one of those websites gets hacked, then user’s credentials could be used to log into the other websites. Attackers can also use malware or phishing schemes to capture login credentials.”
Moreover, Google has already taken steps to help users secure their accounts and given them usual recommendations to protect their devices from malware.
eScan would recommend changing your password regardless of whether you are on the list or not by using a combination of alpha, number and special characters, enable two factor authentication for additional security, create app specific passwords, keep strong passwords and make sure to change passwords regularly. Since Android based SmartPhones require Gmail account, always adhere to the Google security settings, and review the websites/applications which have access to your Google account. To check whether your account is included in the leak, visit isleaked.com and input your email address.