MOUNTAIN VIEW (CBS SF) — Nearly five million Google Gmail usernames and passwords have been posted to a Russian website, according to a number of published reports.
Russian news outlets reported a database containing 4.93 million names and passwords were uploaded Tuesday to a Russian bitcoin forum, which has reportedly purged the passwords while the email addresses remained. The hack was first reported by Russian website CNews.
In a statement, Google (GOOG) said the list was likely phished from malware-infected computers and contained older, or outdated login information. Posts on the Russian-language forum asserted that more than 60 percent of the identities were still in use and could be accessed immediately, according to Russian media outlet RIA Novosti.
“The security of our users’ information is a top priority for us,” a Google representative said in a statement. “We have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users secure their accounts.”
IS MY GMAIL ACCOUNT COMPROMISED?
Users who want to find out if their Gmail addresses and passwords may have been leaked can use a couple of tools to check: securityalert.knowem.com and haveibeenpwned.com. A previous link publicized by a number of media outlets, including CBS SF, to check their accounts is now being scrutinized.
Security experts warn against avoid typing usernames together with passwords on any website that claims to check to see if the account has been compromised as hackers frequently use this so-called ‘honeypot’ method to steal more identities.
Users are also recommended to enable two-factor authentication, change older passwords and use different passwords for different accounts.