Nearly 5 million Gmail credentials leaked, really?
This month, almost 5 million Gmail credentials published in a Bitcoin security forum by a Russian hacker. According to RIA Novosty (one of the largest news agencies in Russia), this leak comes just a couple of days after the hackers published at the same forum 1.25 million Yandex accounts credentials and over 4.6 million Mail.ru credentials.
But does it all true?
In an interview published on the International Business Times right after the leak, a Google spokesperson has confirmed what many security experts had already suggested, that many of the passwords in question were likely taken from a website other than Google. “The security of our users’ information is a top priority for us. We have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users secure their accounts.”
Also Yandex and Mail.ru published a very similar response to these publications which said that the databases containing the compromised email accounts comprised mostly inactive and hacked accounts which had been collected over a long period of time via phishing and Trojan viruses. The internal security systems of the companies were not compromised, they said.
Using various techniques, the F5 SOC team analyzed the leaked database and the most common passwords are still the same as they were in the past. Here is a list of the top 25 passwords and how many times they appeared in the original leaked file:
# |
Times Appeared |
Password |
1 |
47,779 |
123456 |
2 |
11,524 |
password |
3 |
11,145 |
123456789 |
4 |
8,083 |
12345 |
5 |
5,908 |
qwerty |
6 |
5,241 |
12345678 |
7 |
3,515 |
111111 |
8 |
3,008 |
abc123 |
9 |
2,968 |
123123 |
10 |
2,904 |
1234567 |
11 |
2,706 |
1234567890 |
12 |
1,983 |
1234 |
13 |
1,973 |
iloveyou |
14 |
1,852 |
password1 |
15 |
1,742 |
000000 |
16 |
1,722 |
27653 |
17 |
1,538 |
zaq12wsx |
18 |
1,534 |
tinkle |
19 |
1,514 |
qwerty123 |
20 |
1,450 |
monkey |
21 |
1419 |
target123 |
22 |
1,395 |
dragon |
23 |
1,384 |
1q2w3e4r |
24 |
1,340 |
654321 |
25 |
1,326 |
123qwe |
If you want to make sure your account hasn’t been compromised, just click here and enter your e-mail address.
Later that day, September 10th, Google published on its security blog that out of the 5 million (so called) compromised accounts no more than 10,000 combinations of usernames and passwords are real. “We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords.”
F5 customers who use the WebSafe application level encryption have already taken an additional step forward to protect their end users. WebSafe encryption component encrypts the sensitive data sent by the end-user to the organization’s servers from the application level – meaning 100% of the way and not just on the network level (SSL level). When implemented on the organization’s website, WebSafe prevents theft of credentials and foils a Trojan’s abilities.
F5 SOC recommends taking the following steps in order to keep all you private online accounts safe, from e-mail accounts to your online banking accounts:
1) Create a very strong password that contains at least two capital letters, 6 numbers & letters and two symbols.
2) Don’t wait to be asked by your provider to change your password! Change it on a regular basis every couple of weeks.
3) Don’t use the same passwords for all your accounts.
4) If offered, use second factor authentication for each account.
5) If you don’t remember all your passwords, do not keep them in one file on your laptop and make sure to add a password to each file.
6) Do not keep your passwords as a ‘Notes’ on you iPhone or iPad!!
7) Last but not least - be aware to which public Wi-Fi networks you are connecting to when traveling. You don’t want to be a victim to the next Man In The Middle attack…