Los Angeles: A database containing nearly 5 million Gmail user accounts and passwords was leaked on Bitcoin Security, a popular Russian website devoted to the cryptocurrency. Word first spread of the still-unconfirmed hack when a user posted a link to the log-in credentials in a security-centric corner of Reddit frequented by hackers, professional and aspiring.
The text file containing the alleged compromised accounts data was published late on Tuesday. It lists 4.93 million entries, although the forum administration has since purged passwords from it, leaving only the logins.
The accounts are mostly those of Google users and give access to Gmail mail service, G+ social network and other products of the US-based internet giant. The forum user tvskit, who published the file, claimed that 60% of the passwords were valid, with some users confirming that they found their data in the base, reports CNews, a popular Russian IT news website.
The Russian tech blog Habrahabr theorises the leaked Gmail addresses and passwords were most likely compiled through phishing scams, use of weak passwords and other common compromises and not as a result of a hacked Google server. Similar databases of email addresses and passwords from Yandex and Mail.ru, two popular Russian-language services, were made public earlier this week.
Google Russia said it is investigating the alleged leak, adding that it advises customers to use strong passwords and enable two-step login verification to protect their accounts.
Both companies said that an overwhelming majority of the accounts listed were either obsolete, suspended for suspicious behavior or non-existent. They insisted that their own databases were not compromised and suggested that the leaked data was accumulated over years through phishing and other forms of hacking attacks on users.