Earlier today, news started making the rounds that a list of 5 million Gmail addresses and passwords was leaked on Tuesday, Sept 9, 2014.
The list appeared on a Russian Bitcoin forum site and, after some review, appears to be the result of a number of years of hacking and phishing campaigns as opposed to a direct assault on the Google mothership.
Some of the accounts also appeared to be quite old, and in some cases the Gmail address appeared to be the username for another online account.
So what we are probably seeing is actually some hacker’s private stash rather than someone looking for help in cracking a password database.
Regardless, here's what you need to take away from this event:
1. Assume you have an account on this list. As I mentioned before, chances are good that if you have a Gmail account (as in your.name@gmail.com), it's on this list.
2. Change your passwords. If you are one of those people who gets married to your password till death do you part, guess what: it's now time for the divorce. Change it.
3. Don't reuse passwords. If you like to keep the same password across sites, the bad guys will use this against you. The first thing they will probably try is to use it on other email accounts you own (like Yahoo, Hotmail, Live.com, and AOL) and then they'll try the paid accounts (like Amazon, Netflix, and other shopping sites). So your first order of business, if you reuse passwords, is to change the passwords on sensitive or vital accounts. All of those old passwords that you have hanging around, retire them.
4. Don't go to those "we'll check your account for you" sites. While there will be some sites that are legit and will run a search for your account, most of the ones springing up will be phishing sites taking advantage of the situation. My recommendation: avoid them all and change your passwords.
5. Invest in a password manager. If you have a lot of passwords and you keep them on post-it notes (not a good method), then it's time to look at some of the password managers out there. Dashlane has been advertising heavily. LastPass is another good one to try.
Watch your six out there! Mind your online access.