cescan (OP)
|
|
September 11, 2014, 05:33:03 AM |
|
http://www.ibtimes.com/5-million-gmail-usernames-passwords-hacked-posted-russian-bitcoin-forum-report-1684368Hackers appear to have dumped nearly 5 million Gmail usernames and passwords to a Russian bitcoin forum. Word first spread of the still-unconfirmed hack when a user posted a link to the log-in credentials in a security-centric corner of Reddit frequented by hackers, professional and aspiring. The database (which International Business Times will not link to) contains 4.93 million Google accounts belonging to English-, Russian- and Spanish-speaking users. Posts on the Russian-language bitcoin security forum asserted that more than 60 percent of the identities in question were still in use and could be accessed immediately, reported RIA Novosti, a Russian media outlet.
|
|
|
|
Somekindabitcoin
|
|
September 11, 2014, 05:34:59 AM |
|
Lemme make sure none of my emails are in there
|
|
|
|
Kluge
Donator
Legendary
Offline
Activity: 1218
Merit: 1015
|
|
September 11, 2014, 05:52:19 AM |
|
Interestingly, they didn't even try accessing them all prior to it being publicly dumped. Reading around, agreement seems to be that the passwords lifted are from another site and isn't really even a Gmail-related hack as we'd normally think of it, but a hack of another site which decided to only publish users with an account tied to Gmail. Wife's account was in there, but the password listed is a reuse password for unimportant junk sites.
Glad I have 2FA all the same.
|
|
|
|
Amitabh S
Legendary
Offline
Activity: 1001
Merit: 1005
|
|
September 11, 2014, 06:18:04 AM |
|
Lemme make sure none of my emails are in there where is the database.. even I need to check.
|
|
|
|
Kluge
Donator
Legendary
Offline
Activity: 1218
Merit: 1015
|
|
September 11, 2014, 06:34:57 AM |
|
Lemme make sure none of my emails are in there where is the database.. even I need to check. https://isleaked.com/en
|
|
|
|
Kakmakr
Legendary
Offline
Activity: 3542
Merit: 1964
Leading Crypto Sports Betting & Casino Platform
|
|
September 11, 2014, 10:21:49 AM |
|
I only use online accounts for [spam] stuff. I rather like Thunderbird mobile on USB. [Your email content stays offline and you can take it, where you want]
When your account are hacked, they do not have access to the content. ^laugh^
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
bryant.coleman
Legendary
Offline
Activity: 3738
Merit: 1217
|
|
September 11, 2014, 11:58:58 AM |
|
Even if the password is hacked, they won't be able to steal the data from gmail accounts. That is because, Gmail asks for additional verification if a log-in is attempted from an IP which is unfamiliar with that particular account. (that is not the case with other mail providers, such as GMX). However, if the hacker is having additional verification details (such as the DOB), then it can get risky.
|
|
|
|
aigeezer
Legendary
Offline
Activity: 1450
Merit: 1013
Cryptanalyst castrated by his government, 1952
|
|
September 11, 2014, 12:14:42 PM |
|
Lemme make sure none of my emails are in there where is the database.. even I need to check. https://isleaked.com/enBe careful: "All of the news articles are telling people to go to isleaked.com to check their addresses. However, I don’t think any of the media has vetted this website and could possibly be sending millions of people to a website run by people harvesting email addresses (for spam or other hacking activities.) It’s even possible that isleaked.com is run by the very people who leaked the passwords in the first place. Why do I think this? Because isleaked.com was registered on the 8th, 2 days before the story broke anywhere else." http://jameswatt.me/2014/09/10/isleaked-com-registered-2-days-before-gmail-leak-public/Murky situation, I think.
|
|
|
|
hacknoid
|
|
September 11, 2014, 12:39:21 PM |
|
Lemme make sure none of my emails are in there where is the database.. even I need to check. https://isleaked.com/enBe careful: "All of the news articles are telling people to go to isleaked.com to check their addresses. However, I don’t think any of the media has vetted this website and could possibly be sending millions of people to a website run by people harvesting email addresses (for spam or other hacking activities.) It’s even possible that isleaked.com is run by the very people who leaked the passwords in the first place. Why do I think this? Because isleaked.com was registered on the 8th, 2 days before the story broke anywhere else." http://jameswatt.me/2014/09/10/isleaked-com-registered-2-days-before-gmail-leak-public/Murky situation, I think. Indeed.... (from http://cointelegraph.com/news/112494/nearly-5m-gmail-credentials-leaked-on-russian-bitcoin-security-forum): Gmail users are advised to avoid entering their username and password into any website claiming to check whether their credentials have been compromised. This method known as the 'honeypot' aims to steal even more identities, and many websites have already started distributing phishing messages. Russian website isleaked.com claims to help people checking if their accounts have been compromised and is already being accused of being run by the very people who leaked the database as its domain name was registered on September 8.
If you are checking for your name in a leaked database, why on earth would you also enter your password? You can see if your name is there through a legit "service". Any service that proposes to check whether your password is indeed the one in the database should not be trusted!! (IOW, avoid isleaked.com!)
|
|
|
|
Kluge
Donator
Legendary
Offline
Activity: 1218
Merit: 1015
|
|
September 11, 2014, 11:13:13 PM |
|
Lemme make sure none of my emails are in there where is the database.. even I need to check. https://isleaked.com/enBe careful: "All of the news articles are telling people to go to isleaked.com to check their addresses. However, I don’t think any of the media has vetted this website and could possibly be sending millions of people to a website run by people harvesting email addresses (for spam or other hacking activities.) It’s even possible that isleaked.com is run by the very people who leaked the passwords in the first place. Why do I think this? Because isleaked.com was registered on the 8th, 2 days before the story broke anywhere else." http://jameswatt.me/2014/09/10/isleaked-com-registered-2-days-before-gmail-leak-public/Murky situation, I think. Indeed.... (from http://cointelegraph.com/news/112494/nearly-5m-gmail-credentials-leaked-on-russian-bitcoin-security-forum): Gmail users are advised to avoid entering their username and password into any website claiming to check whether their credentials have been compromised. This method known as the 'honeypot' aims to steal even more identities, and many websites have already started distributing phishing messages. Russian website isleaked.com claims to help people checking if their accounts have been compromised and is already being accused of being run by the very people who leaked the database as its domain name was registered on September 8.
If you are checking for your name in a leaked database, why on earth would you also enter your password? You can see if your name is there through a legit "service". Any service that proposes to check whether your password is indeed the one in the database should not be trusted!! (IOW, avoid isleaked.com!) o.O Isleaked provides the first two characters of the password which was leaked. It doesn't ask for a password.
|
|
|
|
|