As news of 183 million account credentials being leaked spreads, Gmail users have been confirmed as caught in the crosshairs. Here’s what you need to know.
The original headline on Hacker News is misleading. This is not a breach of 183 million Gmail account passwords. This is a collection of credentials, largely stolen by infostealer malware and circulating among cyber criminals, which was collected by a security researcher and passed on to Have I Been Pwned. Over 90% of the data has already been seen in previous releases.
Adding the details of website URLs, email addresses and passwords to the Have I Been Pwned database, owner Troy Hunt said the data consisted of both “stealer logs and credential stuffing lists” including confirmed Gmail login credentials.
The “confirmed Gmail login” bit comes from contacting one of the victims at random to verify the data and he confirmed the password was his Gmail password. It doesn’t appear to be a Gmail breach, just the results of credential stealing happened to include some people logging into Gmail.
Edit: Perhaps a more useful link is the original blog post from Have I Been Pwned’s Troy Hunt.
The original headline on Hacker News is misleading. This is not a breach of 183 million Gmail account passwords. This is a collection of credentials, largely stolen by infostealer malware and circulating among cyber criminals, which was collected by a security researcher and passed on to Have I Been Pwned. Over 90% of the data has already been seen in previous releases.
The “confirmed Gmail login” bit comes from contacting one of the victims at random to verify the data and he confirmed the password was his Gmail password. It doesn’t appear to be a Gmail breach, just the results of credential stealing happened to include some people logging into Gmail.
Edit: Perhaps a more useful link is the original blog post from Have I Been Pwned’s Troy Hunt.