Gmail users are being advised to check their accounts immediately after it was discovered that more than 183 million passwords were stolen in a massive security breach.
Australian cybersecurity expert Troy Hunt, who disclosed the information, called the incident a vast collection of compromised data totaling 3.5 terabytes. To put that size into perspective, this equates to about 875 full HD movies.
“All the major suppliers have email addresses here,” Hunt explained, noting that it’s not just Gmail, but Outlook, Yahoo and others. “They’re from every place you can think of, but Gmail always comes up a lot”, he told the Daily Mail.
How to check if you have been affected
The incident took place in April but was only recently made public on Hunt’s website, Have I Been Pwned (HIBP). The compromised data contained 183 million unique email addresses, along with the sites they were used on and associated passwords.
To check if your data has been compromised, go to the Have I Been Pwned website and enter your email address in the search bar. Then press the “Check” button and you will see the list of breaches in which your email address appears.
Even if it doesn’t appear in the recent Gmail breach, your information may have been involved in older breaches dating back over a decade.
If you’re one of the 183 million people affected by this latest breach, you need to change your email password as soon as possible. After that, enable two-step authentication (2FA), which sends a code to your phone to access your online accounts.
What “stealer logs” are and what risks they involve
According to Hunt, it’s not a single breach, but a collection of “stealer logs” – data files generated and compiled by malware (malicious software). “Stealer logs are more like a stream of data that constantly scatters personal information all over the place”, he explained on his blog. “Once criminals have your data, it often replicates across numerous channels and platforms”.
For now, there is no information about the identity of those who created the malware. The expert pointed out that not only the password associated with the email account can be compromised, but also the unique passwords used on other sites, such as Amazon, eBay or Netflix. “Stealer logs expose the data you enter on the sites you log into”, he added. Therefore, if your email address appears on Have I Been Pwned, it is recommended that you change your password on any platform where you use it.
In general, people put themselves more at risk when they use the same password for multiple online accounts. Computer expert and security blogger Graham Cluley said: “Always use different passwords for different accounts. You won’t be able to memorize them yourself, so use a password manager. Always enable multi-factor authentication where available for a higher level of protection”.
“It’s not just one company under attack, it’s millions of people unknowingly losing their passwords to malware. With 183 million exposed email addresses, many may be affected without knowing their systems have been compromised”, Cluley added.
Benjamin Brundage of cybersecurity platform Synthient, which detects and blocks malicious actors, discovered the compromised data and forwarded it to HIBP. Brundage, who is in his final year of university in the US, advised users not to assume they are safe just because they use strong passwords. A strong password is at least 16 characters long and combines upper and lower case letters, numbers and symbols.