Almost 5 million Gmail usernames and passwords were posted to a Russian bitcoin forum today, causing a whole bunch of email users around the world to say “I have to change my password…again?”
The cache, first reported on by Russian news site Cnews, has since been deleted from the forums, but the poster claimed that 60 percent of the passwords were valid. There is a silver lining in this particular cloud: 40 percent of the passwords are out of date or invalid. That could be good news for people who are concerned about their account’s security – if they’ve changed their password recently, there’s a chance that they’re not at risk at all.
Google, for its part, has told The Next Web that it doesn’t believe that the usernames and passwords came from a security breach of its system. That means it’s likely the information came from phishing attacks and malware, which means people are more likely to have already changed their login information.
Those people who are concerned their account is at risk should go ahead and change their password. It’s a hassle, but it’s better than the alternative of sending out spam to friends, or having an attacker break into other accounts. In addition, they can also enable two-factor authentication, which would prevent an attacker from logging in without access to a user’s smartphone.
For more information on how to better secure your digital life, check out GeekWire’s guide to creating a good password system.
