It has recently been revealed that no less than 5 million passwords have been leaked. However, Google claimed that there is no reason for users to worry about this.
The leaked passwords appeared online in a Russian Bitcoin security forum. A list of about 5 million Gmail addresses with their passwords were posted on his forum. Many people checked out the list to find out if their own password was listed there. Some of these users claimed that the password leaked now was an old one, while others revealed that it was a password they used on multiple sites.
This led to the supposition that those who published these passwords managed to access them from sites on which people used their email account to log in. It has also been revealed that most of the passwords included on the published list were no longer valid. However, about 100,000 of the published passwords are still functional. People in this case, need to change their passwords as fast as possible.
Until this point, Google should have notified all users that their password has been leaked. So, users are advised not to use sites that promise to allow them to find out if their password has been leaked. One of those sites is IsLeaked.com. The site appeared on September 8, one day before the leak. It promises to help users find out if their password has been accessed. Analysts advise people not to use it, as it might just be a way to access more information about an account.
Well, Google tried to calm all users down, saying that they should not worry too much about the leak. “We’re always monitoring for these dumps so we can respond quickly to protect our users,” a blog post says. “We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords,” it added.
From this point of view, the two factor authentication option is not a bad idea, after all.