While Gmail claims most of the passwords published may not work, it is best to change your passwords frequently.
On Tuesday evening this week, hackers posted a list of almost 5 million combinations of Gmail addresses and passwords on a Russian Bitcoin forum.
A Google spokesman reported that the company has “no evidence that our systems have been compromised,” and security experts seem to agree that the passwords are either old Gmail passwords obtained through phishing, or are passwords that were actually used on other sites.
Experts believe that the hackers broke into a third-party service where Gmail addresses or other email addresses are used as logins, and obtained the passwords for that service rather than the Gmail passwords. However, even if the list is simply a collection of old passwords belonging to minor sites, the issue that we need to address is password reuse.
If you tend to reuse your passwords, you can visit www.isleaked.com/en to determine if your Gmail address was listed. If so, you should change your passwords. I recommend using longer passwords that combine special characters, numbers, and capital and lowercase letters. Password managers like LastPass can help you keep track of your accounts. And of course there is the prevailing warning: do not use the same password for everything.
Another tip is to enable two-factor authentication on services that provide it, including Gmail. That way those accounts are more secure: even in the event that someone steals your password, you will get a notification on your cell phone that someone is trying to access your account, and you can flag the activity.
Google claimed in a blog post on Wednesday that fewer than 2% of the username and password combinations might have worked. Even so, it is best to change your password frequently.
For the latest on cyber crime and online safety follow the Webdoc.