Today’s guest blogger is Derek Lin, Director of Client Relations at SADA Systems.
This week, various news organizations reported that a list of 5 million Gmail addresses and passwords has been leaked online. This, quite naturally, has gotten quite a few people concerned. It has also given rise to a lot of misconceptions. We’d like to debunk these misconceptions and bring some calm to the storm.
Let’s review the facts: the list contains 4,939,090 Gmail addresses and passwords. Some reports state the list is not the result of a single breach, but multiple breaches. This is quite misleading, because it makes it sound as if Google’s security has been repeatedly compromised. The reality is actually the opposite: Google’s security has not been compromised at all. These passwords were collected not from hacking Google, but from hacking users — that is, when people fall for a phishing scam and enter their credentials into a fake site (misrepresented as Google), their passwords end up in a list like this one.
It takes a long time to accumulate this much data, so most of the passwords (over 98% of them) are already outdated. Google has access to this list (as well as other lists), and takes proactive action to protect the users who still haven’t changed their passwords. Thus, the value of this list is nowhere near what some blogs would have you believe.
The best thing we can do is to use this event as an opportunity to raise awareness about internet security, and establish more clarity around security issues. To that end, we have compiled the table below to help bring about more level-headed composure:
For additional information that is much more credible than the internet grapevine, please visit Google’s Online Security Blog here.