
Google has found the five million alleged Gmail credentials posted on Russian forum Bitcoin Security to be ‘mostly useless’.
The discovery of the email and password cache yesterday provoked speculation amongst the security community, with the author of the forum post claiming that at least 60% of the passwords were valid.
Google’s spam team said: "We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts.
"It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems."
CBR understands that the passwords were probably old credentials compiled through phishing, malware and password reuse, in circumstances similar to those that produced the CyberVor cache.
Chris Boyd, intelligence analyst at Malwarebytes, said: "While it does seem likely that the logins have been rolled up from older phishing campaigns, it is a timely reminder to ensure everybody is using strong, unique passwords for all of their web services and making use of 2 factor authentication whenever possible."
Websites that purport to allow users to check if their email addresses are still secure have also caused controversy, with some claiming they are run by scammers looking to harvest email addresses and browser information.
Google recommends that users consider switching to two-factor authentication, which links user accounts to their phones to provide an extra layer of security.