Do you trust every word you read on the Web? Worrying reports out of Russia apparently claim that Gmail was hacked and your login details were stolen. Or, at least, that's the breathless interpretation of countless bloggers and churnalists. The thing is, it's plainly not true.
In today's IT Blogwatch, your humble blogwatcher despairs at the state of Web reportage.
A Web database published 5 million usernames and passwords from Gmail accounts.
Gmail mailbox names and passwords can be used to access not only email, but all Google services. MORE
Approximately 4.93 million Gmail usernames and passwords were published to a Russian Bitcoin forum. ... The good news is that this leak doesn’t seem as massive upon further inspection.
Google...does not believe this is the result of any sort of security breach. ... It seems to combine older lists accumulated over a longer period of time. There could thus be a link to hacks of sites unrelated to...Google’s services, especially if users are choosing the same usernames and passwords for other accounts. MORE
Hackers appear to have dumped nearly 5 million Gmail usernames and passwords. ... A user posted a link to the log-in credentials in a security-centric corner of Reddit frequented by hackers.
Hackers from Russia and Eastern Europe have been suspected in a number of recent high-profile security lapses, including the Target theft. ... This update comes just days after 4.6 million Mail.ru accounts and 1.25 million Yandex email inboxes were illegally accessed [and] uploaded to the same Russian bitcoin forum. MORE
Google patrons are now urged to change their password. ... Google customers may not be at risk if they’ve recently changed their password. [It's] alarming given that many Web surfers don’t update their login credentials on a regular basis.
There’s speculation that the stolen 5 million credentials are only the tip of the proverbial iceberg. ... There’s also a possibility that the current dump was sold by hackers [to] the data-hungry cybercriminal community. MORE
[It] is likely a collection of credentials from different sources, not from a breach of the company's systems, Google stated [and] that only 2 percent of the credentials would have worked.
Passwords leaked from other websites or stolen through phishing can often be collected into large credential databases. "If you reuse [credentials] across websites, and one of those websites gets hacked, your credentials could be used to log into the others," Google's spam and abuse team said. MORE
Mine is not even a password ever used on Google. ... Supports their claim it's not due to a Google breach. MORE
We’re always monitoring for these dumps so we can respond quickly to protect our users. This week, we identified several lists claiming to contain Google...credentials.
Our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts. ... The leaked usernames and passwords were not the result of a breach of Google systems. ... Make sure you’re using a strong password unique to Google. Update your recovery options so we can reach you...if you get locked out of your account. And consider 2-step verification. MORE