Hi,
This time its sad news if you use Google's Mail Service or any other Google product and might not enabled two step authentication or secure password which is not shared with anyone/anywhere.
Currently on 09 Sep 2014 23:38 a Russian BitCoin forum member has released 49,29,090 passwords with their account name and they are still publishing more.
Reference:
Original Thread: BTSEC Forum
On CNews.ru : CNews.ru
DailyDot.com : DailyDot.com
They have released database in Plain text and which is of size 103 MB (108,763,323 bytes). They have compressed using format 7z and file available for download is 28.7 MB (30,108,353 bytes).
This list includes thousands of Yandex login passwords also. While according to Google and Yandex representative, the list is some old and might be collected using Phishing pages. As per Google there might be chance of hack between data transmission between two servers containing authentication records. They are working to fix it and make it more secure.
But, what of those, who have been compromised.
Suggested steps are:
+John Bhatt
This time its sad news if you use Google's Mail Service or any other Google product and might not enabled two step authentication or secure password which is not shared with anyone/anywhere.
Currently on 09 Sep 2014 23:38 a Russian BitCoin forum member has released 49,29,090 passwords with their account name and they are still publishing more.
 |
| Snapshot with Password of database. (Image Credit: BTSEC forum) |
Reference:
Original Thread: BTSEC Forum
On CNews.ru : CNews.ru
DailyDot.com : DailyDot.com
They have released database in Plain text and which is of size 103 MB (108,763,323 bytes). They have compressed using format 7z and file available for download is 28.7 MB (30,108,353 bytes).
This list includes thousands of Yandex login passwords also. While according to Google and Yandex representative, the list is some old and might be collected using Phishing pages. As per Google there might be chance of hack between data transmission between two servers containing authentication records. They are working to fix it and make it more secure.
But, what of those, who have been compromised.
Suggested steps are:
- Keep your password strong enough.
- Do not enter your password anywhere else. Even some mail client or mobile application claiming that they serve mail might store and sent your password online.
- Enable two step authentication.
- Do not disclose your password during any online chat (asking for support/help) etc.
+John Bhatt
Google Responded to News published.
ReplyDeletehttp://googleonlinesecurity.blogspot.in/2014/09/cleaning-up-after-password-dumps.html