5 million google accounts leaked

[Balthazar]

http://rt.com/news/186580-millions-google-accounts-leaked/

List file size is 28.7 MB, downloading it now

[1714935978]

1714935978

[1714935978]

1714935978

[1714935978]

1714935978

[Bitcoinexp]

A database of what appears to be some 5 million login and password pairs for Google accounts has been leaked to a Russian cyber security internet forum. It follows similar leaks of account data for popular Russian web services.

The text file containing the alleged compromised accounts data was published late on Tuesday on the Bitcoin Security board. It lists 4.93 million entries, although the forum administration has since purged passwords from it, leaving only the logins.

The accounts are mostly those of Google users and give access to Gmail mail service, G+ social network and other products of the US-based internet giant. The forum user tvskit, who published the file, claimed that 60 percent of the passwords were valid, with some users confirming that they found their data in the base, reports CNews, a popular Russian IT news website.

Google Russia said it is investigating the alleged leak, adding that it advises customers to use strong passwords and enable two-step login verification to protect their accounts.

The leak comes just days after similar leaks affected Mail.ru and Yandex, both popular Russian internet services. The previous leaks contained 4.66 and 1.26 million accounts respectively.

Both companies said that an overwhelming majority of the accounts listed were either obsolete, suspended for suspicious behavior or non-existent. They insisted that their own databases were not compromised and suggested that the leaked data was accumulated over years through phishing and other forms of hacking attacks on users.

Here's the news for those too lazy to click the link xD

[medUSA]

And the russian forum is down or too busy. Can't verify whether this file does contain a database of username and passwords. I am worried my username is in there 

[Balthazar]

It worked 10-20 minutes ago, but now seems too busy with requests, 502 and 503 errors there.

I'll soon try upload this file to my google drive.

[dodgecharger]

In the web published database with addresses and passwords to 4,930,000 mailboxes GMail. According to forum user Bitcoin Sesurity tvskit, first saying about the appearance of this database, more than 60% of couples login and password in the file are valid.
A cursory examination of the file with compromised records showed that it soedrzhatsya logins as the Russian-speaking and English-and Spanish-speaking users of the mail service Google. In addition to logins GMail database contains several thousand addresses of "Yandex".
GMail mailbox names and passwords to them can serve as a login and password to access not only to the post but to all services of Google.
Currently, the Bitcoin forum Sesurity available purified version of the password text file containing 4,930,000 accounts GMail.
The representative of the Russian office of Google Svetlana Anurova to which CNews asked to comment on the incident, told CNews, that "experts now understand what happened in this case," and advised users to "select strong passwords and be sure to use a two-step authentication." She recalled that Google is constantly developing new levels of security to protect user accounts and encrypts the information flow

[Balthazar]

https://drive.google.com/file/d/0B4cZ4tPn0KAtQ29yVEpxU295UDQ/edit?usp=sharing

[Nemo1024]

That's the one without the passwords.
My account is in the list, but it would be interesting to see if it was really compromised, or if the list is just a net-scrub of publicly-available email addresses...
Anyway, 2-factor is the thing.  

[twister]

I have 2fa enabled as well but I think it would be a good idea to change password now just to be on the safer side.

[Lethn]

This is why you always use disposable email addresses when conversing with people publicly and have entirely separate and different passwords on your financial and personal addresses.

[2dogs]

Mostly Russia-Based Users....
http://www.ibtimes.co.uk/five-million-gmail-accounts-passwords-mostly-russia-based-users-leaked-online-1464808

Downloaded but can't open to see.

[fsb4000]

That's the one without the passwords.
My account is in the list, but it would be interesting to see if it was really compromised, or if the list is just a net-scrub of publicly-available email addresses...
Anyway, 2-factor is the thing.  

You can ask tvskit(https://bitcointalk.org/index.php?action=profile;u=163342)
what the password was in database for your email. (He deleted passwords that hackers do not use this database)

[awesome31312]

Probably a bot that made five million Google accounts, or some bored kid who hired his friends to do it over the summer.

[Nemo1024]

That's the one without the passwords.
My account is in the list, but it would be interesting to see if it was really compromised, or if the list is just a net-scrub of publicly-available email addresses...
Anyway, 2-factor is the thing.  

You can ask tvskit(https://bitcointalk.org/index.php?action=profile;u=163342)
what the password was in database for your email. (He deleted passwords that hackers do not use this database)

I did so. He gave me a two letters from the start and end of the password - enough for me to see that it's my old password that I changed about 3 years ago (+-1 year). So the list seems to be valid, but dated. That password wasn't used anywhere else, so it definitely came from Google.

[medUSA]

https://drive.google.com/file/d/0B4cZ4tPn0KAtQ29yVEpxU295UDQ/edit?usp=sharing

Thanks so much! I searched the text file and my email is not in there.

[dankkk]

That's the one without the passwords.
My account is in the list, but it would be interesting to see if it was really compromised, or if the list is just a net-scrub of publicly-available email addresses...
Anyway, 2-factor is the thing.  

You can ask tvskit(https://bitcointalk.org/index.php?action=profile;u=163342)
what the password was in database for your email. (He deleted passwords that hackers do not use this database)

I did so. He gave me a two letters from the start and end of the password - enough for me to see that it's my old password that I changed about 3 years ago (+-1 year). So the list seems to be valid, but dated. That password wasn't used anywhere else, so it definitely came from Google.

I think the list of passwords were likely sold many times on the darknet and eventually when the list had no more value it was published on the "internet". The hacker that got into satoshi's email address claimed that his information was being sold on the darknet.

[Bitcoinexp]

For a moment there i thought my wallet could have been compromised. Two factor authentication for ya!