This piece of news might not hit you well at first, but listen up: a fairly large database of over 5 million email accounts and passwords has been leaked. Many of the accounts are of Google origin, though some Russian email services such as Yandex have also been affected.
Speaking on the issue, Google says this leak is not tied to any security breach that it knows of, and is most likely a collection of passwords that were unfortunately phished through online scams (always check the URL and security certificate before handing over login information, folks).
As such, many of the passwords in the leaked database are likely to be outdated, or the accounts may have been purged altogether as many of them are pretty old. Some might not even be real. There’s a chance that many of them do still work, though.
Whether you were affected by this or not, it’s always a good idea to do a couple of key things when hearing news like this to make sure your account is secure:
- Change the password, preferably to something with at least 8 characters and a mix of letters, numbers and symbols.
- Set up 2-step verification on your Google account so no one can get in unless they have access to your phone.
That should be enough to put a pretty secure digital padlock on your inbox should you be a bit paranoid about this whole ordeal. There should be little reason to worry for the most part, but it’s always important to stay up to date on issues like these.
Nice misleading title for this article
Can you clarify what you thought was misleading?
Pile of bull…
Now, isleaked is collecting all emails…
So, after all of these hacks and leaks all I need to do is put my email address into some website that will tell me if my email was hacked? Sounds safe!
Update: after using my spam/phishing only email address, the website was not available. I’m not saying they are part of the problem, but…
All I get is bad gateway for the site to check
Try a different email and then yours.
Because according to other sites, that bad gateway URL ended up being to a phishing scam for you to “test” your email info and in fact, you just gave it away.
I would like to know more on how the backup codes for 2-step are generated/stored. I would hope they would not be stored at all but even then, an insider could know the algorithm to find a working backup code.
Sign me up for 3-step!
“No! Your account probably is not in public access! However, we are strongly recommend to change your password periodically.” woohoo.
Apparently [email protected] was affected :/
Which tells me it’s probably phished email. I’ve put things like that into phishing scams from sandboxed PCs before.
I actually had it come up as one that was leaked. It actually lists the first 2 characters of the leaked password. It was an older password for my email and not my current password. I’m guessing the leaked passwords came from something that is about a year old. Just a heads up though… there are indeed leaked passwords out there.
How did you find out yours was not affected? I assumed this story would have some sort of link to a way to find out if we are affected?
Mine was affected… but the password it listed as leaked was an old password. I went to the link in the story. It is legit.
On some sites, they gave a link, the link ended up being another phishing site set up for people to put in their info to “check” and you effectively just gave the info away.
I thought that as well, but the one here seems legit and did accurately give me the first two characters of my previous password so they did have the passwords available to pull from.
“The one here”... where is there one “here” in this story? If there was one, as I don’t see one now, it must have been removed and if so, it was likely the link to the phishing scam site as I see no link “here” in the story above. And I know some sites posted the check link and then removed it when it was determined it was a phishing site.
My family is safe! But now that site has all our email addresses.
Mine is on the list. More than likely from before I last changed my password a few years ago, which was because Google was hacked at the time and isleaked.com confirmed it was the first 2 digits of my old password, so no changing of my password again today..
Same here, they had my old password and the reason I changed it back then is because my account was indeed being used to spam my address book.
That password is over a year old so this list has been compiled over quite some time.
Also, before I changed my password I just turned on 2-factor authentication and the spam stopped immediately.
This is very real, my username was on the list and it showed 2 letters from my current password. Just changed to a random 18 char pw.
I want to see if I’m on the list, where is that list?