5 million ‘compromised’ Google accounts leaked

Mechanic

Well-Known Member
Adept
Jan 22, 2009
1,099
173
151
28
I'd guess those whose passes have been compromised may have used weak or dictionary passwords, used them on multiple sites (one of which was compromised too), or didn't change them for a few years at least.
Even those with weak but new passwords were spared.
There is speculation that the password dump might be actually very old, it has been leaked to the gen pop only after the hackers had their way with it.

I myself use LastPass and generate a 25 letter alphanumeric string as a password every 6 months for Gmail and other important accounts.
Thankfully I don't think mine was leaked , but there wasn't anything interesting to begin with :p
 

Jambumali

Well-Known Member
Veteran
Jun 24, 2007
1,265
255
172
@booo LastPass is frightening for that reason alone.

For those (on Windows) who are not able to open the file with Notepad, you can try WordPad.
 

avi

Well-Known Member
Elite
Nov 23, 2010
4,178
1,737
202
I'd guess those whose passes have been compromised may have used weak or dictionary passwords, used them on multiple sites (one of which was compromised too), or didn't change them for a few years at least.
I use a very strong (yet memorable) password and totally unique to Google.

So yes, Google is compromised.
 
  • Like
Reactions: booo

asingh

Well-Known Member
Super Mod
Jun 13, 2009
6,516
1,267
303
New Delhi
Mine are not there. Was taking way too long to open in NotePad. Used MS-Access, and then queried it..!
 

artikle

Unknown Member
Adept
Jun 25, 2010
580
71
67
27
Most of these are actually part of a collection of gmail based usernames and passwords collected from sites other than Google since a long period of time (like the Gawker account leaks). In fact a lot of users whose emails are on that list traced their passwords in the list back to the time of the Gawker leaks. This is mostly the result of people using same passwords everywhere and those sites getting compromised rather than Google getting compromised and/or being subject to phishing attacks. Everyone should have two step verification to expect security IMO.
 

smnrock

Well-Known Member
Veteran
Apr 9, 2009
1,203
221
153
^that is the point here... If Google is compromised means... Why only 5 million account? And mine is not there in the list which I use from beta period got it by invite during TA period :)
 

avi

Well-Known Member
Elite
Nov 23, 2010
4,178
1,737
202
Most of these are actually part of a collection of gmail based usernames and passwords collected from sites other than Google since a long period of time (like the Gawker account leaks).
I use very strong and unique password to gmail. and I don't have even have Gawker account. So I still believe Gmail was hacked.

I am surprised nobody here on TE use unique passwords, atleast for gmail.
 

artikle

Unknown Member
Adept
Jun 25, 2010
580
71
67
27
I use very strong and unique password to gmail. and I don't have even have Gawker account. So I still believe Gmail was hacked.

I am surprised nobody here on TE use unique passwords, atleast for gmail.
Have you ever used this password anywhere? It is not only Gawker. I use unique passwords too and Im not on the list,but however unique the password, if you use it at more than one place it can get compromised. So I dont believe Gmail was hacked because most people are realizing that it is because of them using their password elsewhere.
 
Last edited:

sabby

Well-Known Member
Section Mod
Jun 13, 2009
2,335
312
173
Bangalore
I use unique password and my account is not in the list. Neither is my friends' which I checked.
 

blkrb0t

It's Nothing Personal
Veteran
Nov 3, 2010
1,520
1,165
202
Skynet
Have you ever used this password anywhere? It is not only Gawker. I use unique passwords too and Im not on the list,but however unique the password, if you use it at more than one place it can get compromised. So I dont believe Gmail was hacked because most people are realizing that it is because of them using their password elsewhere.
Unique means he only uses the password for that site. Why would he use it at more than one place?
 

avi

Well-Known Member
Elite
Nov 23, 2010
4,178
1,737
202
Have you ever used this password anywhere?
It's only used in Gmail, thats why I said unique.

I have not used this password anywhere. Not a chance. I have not saved this anywhere also, like in iCloud Keychain or Lastpass.

So anyone in similar situation like me? I asked my friends, but those buggers use common passwords.
 

artikle

Unknown Member
Adept
Jun 25, 2010
580
71
67
27
It's only used in Gmail, thats why I said unique.

I have not used this password anywhere. Not a chance. I have not saved this anywhere also, like in iCloud Keychain or Lastpass.

So anyone in similar situation like me? I asked my friends, but those buggers use common passwords.
Sorry. I tend to have brain farts like that some times. Right now, I haven't come across such people except you, but some one might turn up on this thread on reddit (http://www.reddit.com/r/worldnews/comments/2fzn3a/5_million_compromised_google_accounts_leaked/)
 

Blackend

Well-Known Member
Adept
Nov 11, 2010
235
100
56
34
Wait until lastpass gets compromised. :dead::p
LastPass offers two factor authentication as well. From what I recall, LastPass keeps all the username/password information with salted hashes so it can only be recovered with the correct credentials. With two factor authentication, the chance of someone getting into your account with just the credentials becomes negligible.
 

tkin

Well-Known Member
Adept
May 31, 2009
300
173
81
Kolkata
I'm safe, it's probably due to the fact that I had always used a very unique password for all my mail ids and my chrome sync is encrypted with a md5 hashed string.
 

booo

BA BA BA BABANANA
Veteran
Mar 4, 2008
1,742
1,802
403
Colodaro
LastPass offers two factor authentication as well. From what I recall, LastPass keeps all the username/password information with salted hashes so it can only be recovered with the correct credentials. With two factor authentication, the chance of someone getting into your account with just the credentials becomes negligible.
last time I checked, iCloud was claiming to be secure too, then the fappening happened.