5 million ‘compromised’ Google accounts leaked

vivek.krishnan

If you cant see the green dot, I'm offline :P
Veteran
Dec 18, 2009
7,455
1,668
253
Ghatkopar, Mumbai
plus.google.com
My id is not on the list. Nor are my other ids. One of my office collegues id is on the list. However, the password is again an older password.

As for the unique login for Google services, my password has always been unique and changes once a year. However, there are chances your computer may have a trojan/key logger, in which case this is defeated.

As for the chap who made the Sunny leone happy b'day thread, there is a very strong possibility that you could have a keygen on your own PC.
 
  • Like
Reactions: booo

vivek.krishnan

If you cant see the green dot, I'm offline :P
Veteran
Dec 18, 2009
7,455
1,668
253
Ghatkopar, Mumbai
plus.google.com
iCloud does not have two factor authentication.
Actually, it does now. However, its not of much use since I have a US account and it does not allow Indian number (unlike Google)[DOUBLEPOST=1410418842][/DOUBLEPOST]
seems my company is doing a man in the middle...
Many companies do the same, without using better tools such as proxies.
 
  • Like
Reactions: booo

booo

BA BA BA BABANANA
Veteran
Mar 4, 2008
1,742
1,802
403
Colodaro
Many companies do the same, without using better tools such as proxies.
first I tried to open the last pass site and got the invalid cert error. but when I persistently tried for few other links, found out that my site completely blocks it. for distributing malicious software... guess our security team dont want employees to use last pass. :blackeye:
so they are simply replacing the cert lol...
 

vivek.krishnan

If you cant see the green dot, I'm offline :P
Veteran
Dec 18, 2009
7,455
1,668
253
Ghatkopar, Mumbai
plus.google.com
first I tried to open the last pass site and got the invalid cert error. but when I persistently tried for few other links, found out that my site completely blocks it. for distributing malicious software... guess our security team dont want employees to use last pass. :blackeye:
I use Chrome Sync myself and dont prefer to use LastPass or some other software.

As for the security team - nothing can be done about that. Initially, my id too was blocked, now have given myself full access - even TE was blocked.

The main flaw in Chrome Password Sync is the Windows password. If that is cracked, then its game over. However, physical access to the device is needed.
 

booo

BA BA BA BABANANA
Veteran
Mar 4, 2008
1,742
1,802
403
Colodaro
As for the security team - nothing can be done about that. Initially, my id too was blocked, now have given myself full access - even TE was blocked.
the interesting thing they did was to replace the cert. now, the browser will nag and everyone thinks that last pass is a bad site. sneaky bastards. :D
 

Blackend

Well-Known Member
Adept
Nov 11, 2010
235
100
56
34
I use Chrome Sync myself and dont prefer to use LastPass or some other software.

As for the security team - nothing can be done about that. Initially, my id too was blocked, now have given myself full access - even TE was blocked.

The main flaw in Chrome Password Sync is the Windows password. If that is cracked, then its game over. However, physical access to the device is needed.
Physical access is the number one factor in security. If someone has physical access to your device, the likelihood of a breach becomes much higher. They don't need to guess your password, they can simply take the entire harddrive.
 

avi

Well-Known Member
Elite
Nov 23, 2010
4,178
1,737
202
That's why you should encrypt your HDDs too.
 

vivek.krishnan

If you cant see the green dot, I'm offline :P
Veteran
Dec 18, 2009
7,455
1,668
253
Ghatkopar, Mumbai
plus.google.com
the interesting thing they did was to replace the cert. now, the browser will nag and everyone thinks that last pass is a bad site. sneaky bastards. :D
Not really. Its a HTTPS MITM to see what site you are browsing. Done by the firewall.[DOUBLEPOST=1410427887][/DOUBLEPOST]
Physical access is the number one factor in security. If someone has physical access to your device, the likelihood of a breach becomes much higher. They don't need to guess your password, they can simply take the entire harddrive.
No. I dont agree with that completely. Each has its own factor. And we can secure it just as easily.
 
Last edited:

Ankur.

Well-Known Member
Disciple
Jun 7, 2007
168
32
91
Looks like the link is no longer working. Can anyone host it on to another place?
 

avi

Well-Known Member
Elite
Nov 23, 2010
4,178
1,737
202
^download the text file from OP.

Seriously how hard it is to do that?
 

Switch

Well-Known Member
Veteran
Jan 13, 2005
5,573
332
227
2 of my 3 email ids were listed. 1 of whose password looks compromised.