5 million ‘compromised’ Google accounts leaked

Discussion in 'other security issues & news' started by c2d, Sep 10, 2014.

  1. c2d

    c2d Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    570
    Location:
    Bosnia
    A database of what appears to be some 5 million login and password pairs for Google accounts has been leaked to a Russian cyber security internet forum. It follows similar leaks of account data for popular Russian web services.

    -http://rt.com/news/186580-millions-google-accounts-leaked/-
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It's a very odd leak. They're not for GMail accounts, or seemingly not, and while the passwords are legit, they're totally out of date (by many years).
     
  3. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Someone is doing a spring clean of all the passwords harvested during the past years through phishing and other methods. The passwords correspond to different sites and only work on Gmail if the victim uses the same password everywhere and hasn't changed it in a long time.
     
  4. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,097
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    This is probably the best article I've read on the Google Gmail hack or data leak that I've read thus far.
    http://arstechnica.com/security/2014/09/google-no-compromise-likely-massive-phishing-database/

    The various sites posted here at Wilders are regarded as phishing sites and users are discouraged from disclosing your account information to any of these supposed check-up sites.

    Change your passwords often and enable two factor login authentication if your PC supports this.
    https://www.google.com/landing/2step/
     
  6. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    I use pwnedlist.com since a long time and it works. Also, I'm 100% sure that I don't get any spam from them:

    http://krebsonsecurity.com/2011/11/are-you-on-the-pwnedlist/
     
  7. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Please point out which sites/posts you are referring to.
     
  8. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  9. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    So you're saying that the half dozen sites posted my members subhrobhandari, J_L, and anon are phishing sites?
    Is this a suspicion of yours, or do you have some confirmation to substantiate what you have said?
     
  10. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    They are viewed as being suspicious at best as they all maintain server logs. There were several on .RU domains that were certainly phishing sites. This is not to say that I or anyone else is questioning the posters themselves, if that's what your inferring.

    Not a suspicion of mine - many in the security community are suggestion alternate methods in order to minimize the Gmail dump and accounts hijack.

    Use Gmail account activity to verify suspicious activity - from there you have the option to change your password or enable two factor authentication.
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    No need to put words into anyone's mouth by speculating on inferences. What you wrote is that the sites they posted are regarded as phishing sites.
    So I asked you for substantiation. You said they are viewed as suspicious at best by the security community. That's just one more claim coming from you, not proof of any sort.

    Let me give you what I base my findings on... I visited the sites posted in that thread. No warnings of any kind were generated.
    Not from TrafficLight's Advanced Phishing Filter, not from Chrome's Anti-Phishing Protection, not from MBAM's Malicious Website Protection nor from ESET's Anti-Phishing Protection.
    Not even WOT had anything to say.
    But you say they are viewed as suspicious at best by the security community.
    Not very convincing.
     
  12. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    And I ran all six sites posted by those three members through URLVoid for their analysis by 29 different website reputation engines and domain blacklists, and everyone came up green from all 29 engines and lists.
    But you say they are viewed as suspicious at best by the security community.
     
  13. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
    Thought I would chime in in the thread, checked a few things.

    1. haveibeenpwned is run by Troy Hunt, according to the about page he is an MVP and his personal website seems legit. The whois records of this and his personal website seem to match and have open information about his address and phone. I cant vouch for the website, but at least, it seems legit from the about us and whois pages.

    2. There isnt much info about hacked-db and they are protected by Domains By Proxy, so I cant say anything about them.

    3. Same for wasleaked, "Registered On September 10, 2014" no info about them whatsoever.

    4. pwnedlist - No whois, but they have some open jobs in the career page.

    5. shouldichangemypassword is being redirected to breachalarm.com. No whois, run by avalanche.
     
  14. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,097
Loading...