Nearly 5 million usernames and passwords appear to have been published on a Russian Bitcoin forum.
Much of the information is old and potentially out-of-date, Google representatives told Russian media, so the so-called “leak” may be more accurately described as a collection of phished and hacked credentials collected over years. In fact, many of the accounts have long been suspended or are matched with very old passwords.
The database of usernames and passwords, which was first reported by CNews, was posted on Tuesday evening to btcsec.com, a Russian-language Bitcoin security forum. The publisher, named tvskit, posted the following screenshot of the database, claiming that over 60 percent of the passwords were valid and working:
The file contains information on English-, Russian-, and Spanish-speaking users of Google services, such as Gmail and Google Plus. In addition to Google, the leak includes thousands of user credentials for Yandex, the largest search engine in Russia.
Google and Yandex representatives told CNews that while the credentials were stolen through years of phishing and hacking against individuals, their own systems were never compromised.
To protect yourself, change your password and enable two-factor authentication on Google and all your important Internet accounts.
Russia’s Bitcoin Security forum has been the scene of several major leaks over the past several days. On Tuesday, 4.66 million Mail.ru accounts were exposed. Monday, usernames and passwords from 1.26 million other Yandex accounts were published in a text file.
If you want to find out if your account is included in the leak, you can head to https://isleaked.com/en.php and input your address.