Over 5 million Gmail user accounts are reported to have allegedly been hacked following a security breach. A list containing user email addresses and passwords was uploaded to a Russian forum but has since been removed. The question is, how has Google managed to keep this so quiet when it happened last week?
A post on Google’s security blog explained that the leak was the result of credential dumps, in which data is acquired from other compromised websites or through phishing attacks. Because many people use the same username and password combination across multiple sites, many other accounts can be accessed using the same details. Google claims that less than 2% of the username and password combinations would have worked, although automated anti-hijacking systems would have blocked attempted logins.
The users affected by this compromise have been notified and the passwords on the affected accounts have been reset, forcing those users to change their password. Although unaffected users need not change their passwords, it is always a good idea to keep your account secure and to look into 2-step verification to keep security as strict as possible.