Peter Kruse, the chief technology officer of CSIS Security Group in Copenhagen, Denmark, warns that 5 million Google account credentials surfaced on Tuesday on multiple Russian cybercrime forums. Google patrons are now urged to change their password and activate 2-step authentication. This discovery also includes stolen credentials from other web-based mail providers.
The good news is that the credentials stolen by cyberthieves may be as old as three years, if not older. That means many Google customers may not be at risk if they’ve recently changed their password. Still, the theft is alarming given that many Web surfers don’t update their login credentials on a regular basis.
"The security of our users' information is a top priority for us," a Google spokesperson told Govinfosecurity. "We have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users secure their accounts."
Kruse said that the data was dumped on several Russian cybercrime forums and shared through different peer-to-peer services. The origin of the data dump is unknown, but there’s a good chance the sensitive information was provided by several sources.
“We believe the data doesn’t originate from Google directly,” Kruse told PCWorld in an email. “Instead it’s likely it comes from various sources that have been compromised.”
According to the Govinfosecurity report, there’s also a 109 MB text file in circulation that lists Google user names and email addresses. This file, presumably retrieved by CSIS Security Group, does not contain the passwords, but there are reports of versions that do carry the passwords. This is in addition to the data dump on the Russian cybercriminal forums.
There’s speculation that the 5 million stolen credentials are only the tip of the proverbial iceberg. Morten Kjaersgaard, CEO of Heimdal Security, theorizes that the actual data dump could be substantially larger. There’s also a possibility that the current dump was sold by hackers to someone who then posted the info on a single forum.
As previously stated, Google patrons should change their password on a regular basis. They should also use Google’s two-step authentication process, which includes an authenticator app for Android and Apple’s iOS platform. This method is a bit of a hassle, but it’s better than having their sensitive information floating around the data-hungry cybercriminal community.