U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Nearly 5 million alleged Google account credentials leaked

A database containing nearly million login and passwords for Google accounts has been leaked online on a Russian cyber security internet forum. A database containing 5 million alleged Google login and password has been leaked online on a Russian cyber security internet forum. The news was spread by online media agencies, including RT.com. The huge archive is […]

Nearly 5 million alleged Google account credentials leaked

A database containing nearly million login and passwords for Google accounts has been leaked online on a Russian cyber security internet forum.

A database containing 5 million alleged Google login and password has been leaked online on a Russian cyber security internet forum. The news was spread by online media agencies, including RT.com. The huge archive is in text file format and includes credentials for alleged compromised Google accounts, the database was published on Tuesday on the Bitcoin Security board, but in time I’m writing is is no more accessible.  The list is mainly composed of accounts belonging to Google users that could be used by threat actors for the entire family of services offered by Google, from the Gmail mail service to the G+ social network.

According to RT the list includes 4.93 million entries, but for obvious reasons the forum administrators haven’t disclosed the passwords leaving only the logins in the purged list.

The figure is impressive and the repercussions under the security perspective are serious, the user on the forum with nickname “tvskit who published the file claimed that 60 percent of the passwords are valid.

“The forum user tvskit, who published the file, claimed that 60 percent of the passwords were valid, with some users confirming that they found their data in the base, reports CNews, a popular Russian IT news website.” reported the post from RT.com.

Google Russia immediately started the investigation of the alleged data breach, and announced that in any case it will encourage its users to adopt strong passwords and enable the two-factor authentication process implemented by the company for its services.

Google account credentials leaked online 2

The disclosure process is similar to other data leaks for compromised accounts belonging the Russian web services, unfortunately data breaches are becoming events very frequent worldwide. A few days ago the Russian web services Mail. Ru and Yandex suffered announced the leaks of user account credentials of 4.66 and 1.26 million accounts respectively.

In the cases reported by Russian Internet Giants Mail.ru and Yandex, according to the experts, the majority of the accounts leaked were obsolete or no more active. The company confirmed that their databases were not compromised and claimed that the leaked data was collected over the time through other kind of attacks, like phishing attacks or malware based attack, against the end-users. A similar defense was recently sustained by Apple in the case of the leak of celebrities’ naked photos online, also in that case the company revealed that its iCloud architecture was not compromised and that the users were victim of other form of direct attacks.

Stay tuned for further info.

Pierluigi Paganini

(Security Affairs –  Google account credentials, data breach)