A hacker, believed to be Russian, recently hacked nearly 5 million Gmail accounts and then published the usernames and passwords of the hacked accounts.
[UPDATE: A number of writers have raised questions about whether the IsLeaked.com site originally referenced below is legitimate. For those who may have concerns, this private site will also allow you to determine if your e-mail address was among the compromised Gmail accounts. Click here if you would prefer to use the private site to check your address. Either way, it’s probably a good idea for you to periodically change your passwords and to use 2-step Google authentication to protect your Google/Gmail accounts.]
Thankfully, there is a way for you to check if your account was compromised. The site IsLeaked.com allows you to type in your e-mail address to see if it was among the 5 million hacked accounts. And if you don’t feel comfortable typing in your entire address, the site allows you to exclude up to 3 characters from your e-mail address. Granted, a match on a partial address won’t tell you precisely whether your account was hacked, since the same partial address can match someone else’s, but if the results come back clean, you’ll know your log-in information was not compromised by the recent hacking.
Google claims that the hacking incident is overhyped, and that the giant tech firm was able to block the vast majority of log-in attempts using the hacked usernames and passwords:
Reports early Wednesday of millions of Gmail addresses and passwords being leaked had users of the popular email Web app understandably alarmed — but Google says the danger has been greatly exaggerated. “We found that less than 2% of the username and password combinations might have worked,” the company wrote in a blog post, “and our automated anti-hijacking systems would have blocked many of those login attempts.”
The post also explained that the “dump” of emails and passwords wasn’t from any kind of leak in Gmail itself, but was likely harvested from “other sources” over time — smaller hacked sites, for instance, or malware on users’ own computers. Since many people reuse emails and passwords on other sites, such lists can be used by hackers to gain unauthorized access. If you might have been affected by the leak, Google should have already alerted you, locking down your account and requiring a password change.
Hyped or not, people who are worried about account security should periodically change their passwords. On its security blog yesterday, Google published some tips on how to select and protect a strong password:
A few final tips: Make sure you’re using a strong password unique to Google. Update your recovery options so we can reach you by phone or email if you get locked out of your account. And consider 2-step verification, which adds an extra layer of security to your account. You can visit g.co/accountcheckup where you’ll see a list of many of the security controls at your disposal.