Reference:
http://www.technotification.com/2014/09/gmail-password-dumped.htmlA few months ago A user with online alias “tvskit ” posted an archive file containing nearly 5 million Gmail addresses and plain text passwords on Bitcoin security forum called btcsec.com and claimed that over 60 percent of credentials found inside are valid.
CSIS researchers not only analyzed the data but also concluded that it is up to 3 years old based on correlations with past leaks.
This means that many of the leaked passwords do not correspond to Gmail or Google accounts, but to accounts on other sites where users have used their Gmail addresses as the user name.
CSIS has confirmation that at least five of the leaked user name and password pairs were never used as log-in credentials for Gmail or Google accounts. This enforces the idea that the data comes from compromises outside Google, though it’s possible that they were all perpetrated by a single individual or group, Kruse said.
“The security of our users is of paramount importance to us,” a Google representative said Wednesday via email. “We have no evidence that our systems have been compromised, but whenever we become aware that an account has been compromised, we take steps to help our users secure their accounts.”
Even if many of the leaked credentials turn out not to be from Google, affected users might still want to change their passwords on websites where they used their Gmail address as the user name. A website called isleaked.com allows users to check if their email address is among those leaked.
Informtion Source: PCworld.com , CSIS and BST forum
