Sign in / Join

Oh Phish, after Apple it’s Google

After Apple’s high profile iCloud disaster, Google is the latest cyber crime victim. In Google’s case, Russian hackers posted usernames and passwords of 4.93 million Google accounts to a Russian bitcoin forum.

Now, there’s some good news and some bad news. The bad news is that somebody got their hands on nearly 5 million Google users along with passwords and made them public. The good news is that even if your Google address is on the list, the password maybe too old to merit much concern (i.e. the user might have changed his/her password at some point).

The Russian technology blog, Habrahabr, has a theory that the leaked addresses and passwords were most likely compiled through phishing scams, people using weak passwords and other common mistakes new Internet users make; not as a result of a hacked Google server. Similar databases of email addresses and passwords from Yandex and Mail.ru, two popular Russian- language services, were also made public this week.

Many online news sites got in touch with Google regarding this debacle. In a statement sent to TIME Online, Google said it had “ no evidence that our systems have been compromised.”

“The security of our users’ information is a top priority for us,” the statement reads. The company added that whenever it is alerted that an account may have been compromised, “then we take steps to help those users secure their accounts.”

If you want to check whether your account is included in the leak, you can head to “isleaked.com” and enter your email ID. We would ideally not recommend this as email addresses can be accumulated and used for spamming. The best solution would be to keep changing your passwords periodically, irrespective of whether your Google ID is or isn’t on the list.