On Wednesday, we reported that 5 million Google credentials, consisting of email addresses and passwords, surfaced on Russian cybercriminal forums. Security experts said that the data was 3 years old, if not older, meaning customers who change their passwords on a regular basis are likely not affected by the leak.
According to the Google Spam & Abuse Team, less than 2 percent of that information might have worked. However, the company's automated anti-hijacking systems would have blocked any attempt to use those credentials. The affected accounts are now protected, and Google has contacted the account owners, stressing that their passwords need to be changed immediately.
"It's important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems," the team said. "Often, these credentials are obtained through a combination of other sources."
We've seen this song-and-dance before. Web surfers who use the same login credentials across a number of services and websites are highly at risk. While remembering a zillion passwords can be a real pain, it's better than the financial agony cybercrooks can cause by breaking into the victims' bank accounts.
"We're constantly working to keep your accounts secure from phishing, malware and spam," the team added. "For instance, if we see unusual account activity, we'll stop sign-in attempts from unfamiliar locations and devices. You can review this activity and confirm whether or not you actually took the action."
Naturally, fending off hackers includes using a super-strong password that contains letters and numbers. For those with a bad memory, keep those passwords written down in a log. Two-step protection is also great, requiring the customer to use their smartphone to generate an authentication code. The team also points users to g.co/accountcheckup, which lists a number of Google-based security controls.
Peter Kruse, the chief technology officer of CSIS Security Group in Copenhagen, Denmark, said on Wednesday that the Google-based data was dumped on several Russian cybercrime forums and shared through different peer-to-peer services. The origin of the data dump was unknown, but there's a good chance the sensitive information was provided by several sources.
Kruse said that the payload didn't seem to originate from Google directly, but rather from various sources that were compromised.