5 Million Gmail Accounts Leaked

If you have a Google account (Gmail, Google Plus, etc.) then you should be aware that nearly 5 million Gmail addresses and passwords have been revealed on a Russian Bitcoin forum Wednesday, September 10th.  It isn’t certain whether there has been a security breach in the Google servers, or if this list comes from information obtained from past scams.  Regardless, it would be safe to change your password immediately and to take the following measures to respond to this situation and protect your account:

1) Do not fall for any phishing scams.  In light of these events, there may be several websites promising to check your account’s safety.  These websites may ask you to enter your email address and other information–do not fall for this, it is likely that these are not legitimate, but they are likely to be attempts to acquire your personal information.  Be safe, and change your password.

2) Change your password immediately.  Changing your password may be inconvenient, but learning to regularly change your password is a safe practice that you will never regret.  Follow these steps to create a strong password:

a) Do not use complete words or phrases.  If you need to use a word, try breaking it  up with symbols and numbers.  Using random uppercase and lowercase letters helps, too.

b) Do not use anything that can be traced back to you.  This could include, but is not limited to, your zip code, your birthday, your graduating mascot, etc.

c) Do not use anything associated with your email address.  Avoid using the same numbers used in your email address.  Also, avoid using numbers that are associated with your email address (e.g. your birthday, your zipcode, etc.).

d) Do not use obvious keyboard combinations.  Such combinations could be ‘12345,’ ‘qwerty,’ ‘abcd,’ etc.

e) Keep it longer than 8 characters.  If possible, use an even longer password–the longer the better.

2) Take advantage of extra security measures.  Many websites offer something called a Two-Step Verification.  What this means is that you will need to verify your account by first entering your password, and secondly by entering a randomly generated code that is sent to your mobile phone.  It doesn’t take long to set up, and it could save you a great deal of grief in the future.  To set this up on Gmail, you will need to:

a) Log in to your Gmail account.

b) Click on the settings icon in the upper right hand corner, and select the Settings option.

c) Go to the “Accounts and Import” tab, and under “Change account settings” select “Change password recover options”.  Here you will be able to tether your phone number to your account, and also create a security question incase you forget your password.

3) Use different, unique passwords for different accounts.  Do not recycle passwords for different accounts.  Considering most websites today allow you to use your email for your login, hacking into one account could potentially mean free access to all of your other accounts.  You should create a unique password for every account.  Don’t just change a number or add a few more, but create a completely different password for each account.  If you have trouble remembering passwords (like the rest of the world), there are several powerful and secure password managers at hand.  1Password and Password Box are two very good (and free) options.

I understand how scary it can be to have your account hacked, but following these steps will not only make your account more secure, but it will also restore peace of mind as you wade through the threatening internet waters.  I hope this guide helps you as you either move forward from a security breach, or take measures to ensure that you never experience one.  Please leave a comment if you have any questions or if you have any personal security tips that you would like to share.  Thanks!

photocred: Rayi Christian W

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>