MOSCOW, September 12 (RIA Novosti) - Google announced this week that the leak of nearly 5 million Google accounts is not nearly as serious as earlier reported, according to an article on the company’s security blog released Wednesday.
A company spokesman noted that less than 2% of the passwords actually match up with usernames, and stated that “the leaked usernames and passwords were not the result of a breach of Google systems...[but were] obtained through a combination of other sources.”
These other sources include reused usernames and passwords from other websites which may have been hacked earlier. As the Google security blog post noted, “if you reuse the same username and password across Websites, and one of those Websites gets hacked, your credentials could be used to log into the others.”
Username and password information can also be collected through malware and phishing schemes. Malware is malicious software that installs itself on your computer and steals login information. Phishing schemes rely on phony websites, run by cybercriminals, that offer to check the security of your account if you enter personal information.
Google described the database of stolen passwords as a “credential dump” that was likely collected over several years. The database, published on the Russian-language Bitcoin Security forum, has since been taken down, Russian technology site CNews.ru reported.
Slate.com contributor William Oremus noted that Google’s announcement does not mean that users should let their guard down, adding that “if anything, it might be your other accounts that you need to worry about most.” If you use your email and the same password across multiple websites, “it’s a good bet that someone somewhere will be trying to plug those credentials [in]...just on the off chance that they’ll work,” Oremus wrote.
Internet security experts suggest using strong, unique passwords for each site you frequent, and changing them on a regular basis. Another option is using a master password system like LastPass.com to help create and manage passwords for various sites. Google and other services also offer security precautions such as 2-step verification.
Email providers Yandex and Mail.ru, whose users’ accounts were published on the Bitcoin Security forum earlier, have conducted their own security checks, reporting that 15% of the 1.26 million Yandex logins and 5% of the 4.66 million Mail.ru logins were valid. The companies have conducted their own programs to secure the information.