Security experts are urging Gmail users to change their passwords amid reports that hackers gained access to the credentials of 5 million users of the free email service. Some password combinations have been spotted on Russian cybercrime forums.
Peter Kruse, head of the eCrime unit at CSIS Security Group in Copenhagen, told Computerworld that most of the nearly 5 million stolen Gmail passwords are about three years old, but many are still legitimate and functioning.
He said that CSIS experts suspect that several hackers worked on an endpoint compromise to exploit vulnerable network protocols.
Google did not respond to a Computerworld request for comment but has told other news outlets that it has found no evidence that their systems have been compromised.
Google’s cloud-based email service is used by individuals as well as enterprises.
Russian media outlet RIA Novosti reported that hackers have stolen and published a database containing the Google account logins and passwords to a Bitcoin Security online forum.
The database reportedly contains 4.93 million Google accounts from English, Russian and Spanish users.
Kruse said the discovery of the hack comes just days after more than 4.6 million Russian-based Mail.ru accounts and 1.25 million Yandex e-mail boxes were reportedly compromised. Yandex is the largest Russian-based search engine.