Google Alleviates Fears with More Details on Gmail Passwords Leak

Discussion in 'Android News' started by dgstorm, Sep 11, 2014.

  1. dgstorm

    dgstorm Editor in Chief
    Staff Member Premium Member

    Joined:
    Dec 30, 2010
    Messages:
    11,016
    Likes Received:
    3,979
    Trophy Points:
    823
    Location:
    Austin, TX
    Ratings:
    +4,254
    [​IMG]

    Late yesterday reports came out indicating several million Gmail account passwords may have been stolen. Google has responded this morning with a reassuring account of what happened. It turns out it wasn't nearly as bad as it sounds.

    First, you can be rest assured that Google's servers were not breached by any hackers. Breaching Google's server security would likely be harder to accomplish than flying to the moon in a cardboard airplane. It turns out, Google actually found the password breach in what is called a “credential dump." This is basically a database dump from the bad guys that can be found at hacker havens on the web. It appears that most of these passwords were obtained by phishing scams, which means people were tricked into entering their password info onto a bogus website.

    Also, some of these passwords were obtained because users sometimes use their same Gmail password on other sites, so if those sites are hacked, the bad guys have their Gmail password. It turns out that "less than 2% of the username and password combinations" that were stolen would have worked for the bad guys. This is because Google has a series of security systems in place to help weed out odd behavior for Gmail accounts.

    Of course, even though it turns out things were not that bad, Google is still taking this very seriously, and in fact they have a whole division strictly devoted to dealing with security threats like these. Google has already contacted the folks who were affected by this breach and alerted them to change their passwords and setup a two-step authentication.

    It's great to see that Google is actively hacking the hackers and using their own resources against them.

    Here's a link to Google's full statement on the issue: Google Security Blog