About 5 million Gmail accounts and their corresponding passwords were posted to an online forum by anonymous sources. However, the passwords do not appear to be the ones currently in use, and no breaches have been reported yet.
The passwords looked old, and those who recognized their Gmail ID in the leak said that they were not using the leaked passwords or that the passwords were very old. Some experts also found Gmail IDs listed that they had not used for a very long time. It seems that the leaker compiled the list from passwords that users chose when logging in to minor sites with a Gmail ID.
For instance, the passwords might have been obtained when a minor site required a Gmail address and password combination to use some online service, and the user keyed in a random word just for the occasion. The list was found on a Russian Bitcoin forum. Evan Engel of Mashable said that an old Gmail password he had not used in years was also in the list.
Google responded that it is not aware of any of its systems having been compromised and that there is no evidence of such an incident. Security experts said that these were old passwords and suggested that they might have been obtained through phishing.
Computer security expert Matteo Flora recognized 60 addresses from the list as address book contacts and, after notifying those individuals, heard that most of the passwords were very old or had never been used.
Some users register on minor websites with a Gmail address that has the website's name appended with a '+'. By analyzing such addresses in the list, it was found that some of the compromised sites include friendster, xtube, filedropper and freebiejeebies. Security experts have advised users not to use the same password for two or more services and to turn on two-factor authentication to stay on the safe side.
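The '+' analysis described above can be reproduced on any list of leaked addresses. The following is an added example, not code from the original article or from the researchers it mentions; the function names and the sample addresses are constructed for illustration, and it assumes the input is one address per entry.

```python
from collections import Counter

# Gmail delivers both domains to the same mailbox.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

def split_gmail(address):
    """Return (canonical_mailbox, tag) for a Gmail address, else None.

    Gmail ignores dots in the local part and everything after a '+',
    so those are stripped to find the real mailbox. tag is None when
    the address carries no '+' suffix.
    """
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or domain not in GMAIL_DOMAINS:
        return None
    base, _, tag = local.partition("+")
    base = base.replace(".", "")
    if not base:
        return None
    return f"{base}@gmail.com", (tag or None)

def tally_sources(addresses):
    """Count distinct mailboxes per '+' tag (the likely source site)."""
    seen, counts = set(), Counter()
    for raw in addresses:
        parsed = split_gmail(raw)
        if parsed is None or parsed[1] is None or parsed in seen:
            continue  # not Gmail, untagged, or a duplicate spelling
        seen.add(parsed)
        counts[parsed[1]] += 1
    return counts

# Constructed sample entries, not taken from the real leak.
SAMPLE = [
    "sample.user1+friendster@gmail.com",
    "sampleuser1+friendster@googlemail.com",  # same mailbox, other spelling
    "sample.user2+filedropper@gmail.com",
    "sample.user3+friendster@gmail.com",
    "sample.user4@gmail.com",                 # no tag, gives no attribution
    "sample.user5+xtube@example.org",         # not a Gmail domain
    "not-an-address",
]

if __name__ == "__main__":
    for site, n in tally_sources(SAMPLE).most_common():
        print(f"{site}: {n} distinct mailbox(es)")
```

A tag that appears on many unrelated mailboxes points to the site whose user database was the likely origin of those entries.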