View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 11, 2014

Gmail credential cache is ‘mostly useless’

5 million email addresses and passwords likely old credentials.

By Jimmy Nicholls

Google has found the five million alleged Gmail credentials posted on Russian forum Bitcoin Security to be ‘mostly useless’.

The discovery of the email and password cache yesterday provoked speculation amongst the security community, with the author claiming that at least 60% of the passwords were valid.

Google’s spam team said: "We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts.

"It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems."

CBR understands that the passwords were probably old credentials compiled through phishing, malware and as a result of password reuse, in circumstances similar to those used to create the CyberVor cache.

Chris Boyd, intelligence analyst at Malwarebytes, said: "While it does seem likely that the logins have been rolled up from older phishing campaigns, it is a timely reminder to ensure everybody is using strong, unique passwords for all of their web services and making use of 2 factor authentication whenever possible."

Websites that purport to allow users to check if their email addresses are still secure have also caused controversy, with some claiming they are run by scammers looking to harvest email addresses and browser information.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Google recommends that users consider switching to two-factor authentication, which links user accounts to their phones to provide an extra layer of security.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.