Nearly 5M Gmail Credentials 'Leaked' on Russian Bitcoin Security Forum

Published at: Sept. 11, 2014

Alleged leaked database containing 4,929,090 Gmail email addresses and related passwords was dumped on a Russian Bitcoin Security Forum.

On September 9, user tvskit from Russian Bitcoin security forum BTCSec.com, first reported the dump of the 28.7 MB file containing more than 4.92 million of Gmail accounts and passwords, as well as several thousands of credentials from Russia's largest email service Yandex. According to the user, 60% of these credentials are valid. Since then, a forum administrator purged the passwords from it.

A study showed that the compromised accounts mostly belonged to Russian, English and Spanish-speaking users of the Google email service, reported Russian media outlet CNews.

Not only Gmail credentials give access to the email account, they also give access to other Google services such as cloud document storage Google Drive and social network G+.

Google Russia representative Svetlana Anurova said the company is investigating the alleged leak and advises users to "select strong passwords and be sure to use two-step authentication," reported CNews. She added that Google is constantly developing new levels of security to protect users, and is encrypting traffic between its data centers.

Media outlet the Next Web contacted Google regarding the issue. The company stated believing this incident wasn't the result of a security breach on its end. A Google spokesperson told the press:

"The security of our users’ information is a top priority for us. [...] We have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users secure their accounts."

Further investigation concluded that the dump combined older lists accumulated over a period of time, which could indicate the hack of a website unrelated to Google.

Gmail users are advised to avoid entering their username and password into any website claiming to check whether their credentials have been compromised. This method known as the 'honeypot' aims to steal even more identities, and many websites have already started distributing phishing messages. Russian website isleaked.com claims to help people checking if their accounts have been compromised and is already being accused of being run by the very people who leaked the database as its domain name was registered on September 8.

Russian and Eastern European hackers have been suspected in many recent security lapses, including the Target operation resulting on tens of millions of customers' identities.

The Google credentials dump comes few days after 4.6 million Mail.ru and 1.25 million Yandex email accounts have been compromised, and dumped on the very same Bitcoin Security forum.

The two Russian companies stated that most of these accounts were inactive and have been collected over a period of time via phishing and Trojan viruses. As Google, they said their internal security systems have not been compromised. 

Did you enjoy this article? You may also be interested in reading these ones:

Bitcoin Malware Used to Exploit the Russia-Ukraine Crisis Satoshi Nakamoto's Email Account Hacked

Download our sleek and user-friendly free iOS app so you never miss the latest stories!

Tags
Related Posts
Cellebrite Launches Crypto Tracer Solution to Track Illicit Transactions
Digital intelligence firm Cellebrite has launched its “Cellebrite Crypto Tracer” solution. The new offering is powered by CipherTrace and aims to trace illicit cryptocurrencies involved in money laundering, terrorism, drugs, human trafficking, weapon sales and ransomware schemes. The suite of tools will be available to investigators, analysts and non-technical agents who want to lawfully obtain evidence and trace criminals who use cryptos like Bitcoin (BTC) through the darknet. Citing figures from an Oxford University study, Cellebrite states that an estimated $76 billion worth of illegal activities involve Bitcoin. Curating millions of information references to trace transactions The Cellebrite Crypto Tracer …
Technology / July 28, 2020
Bithumb Announces External Audit Results in Wake of $13 Million Hack
South Korean cryptocurrency exchange Bithumb has conducted a professional external audit of its funds after a major hack last month, the company confirmed in a statement on April 11. Bithumb, South Korea’s largest exchange, lost around 14 billion won ($13 million) two weeks ago in an event executives believe was masterminded by an insider. Now, Bithumb has used a third party to assess its reserves, repeating its previous assurances that customer funds remained safe in cold storage wallets. The 14 billion of hacked EOS (EOS) tokens, a previous statement said, represented company-only funds. All remaining funds in its hot wallet …
Bitcoin / April 11, 2019
Ukrainian Man Faces up to 6 Years in Jail for Cryptojacking on His Own Websites
Ukraine’s Cyber Police have arrested a man who allegedly placed crypto mining malware scripts on his own websites, local law enforcement reported on March 26. The cyber crime unit of the national police of Ukraine arrested a 32-year-old man from the Bukovina region who allegedly placed cryptojacking software on a number of educational websites that he created and administered. The unspecified websites and internet resources had 1.5 million monthly visitors, the police reported. The police also stated that the installed malware on the websites was deploying visitors’ devices’ CPU and GPU power to illegally mine cryptocurrencies. The authority has conducted …
Bitcoin / March 27, 2019
North Korean hackers stole $400M in 2021, mostly ETH: Chainalysis
North Korean crypto hackers siphoned off nearly $400 million in crypto through cyber attacks in 2021 according to new data from Chainalysis. The type of crypto stolen has also seen a sea change according to the Jan. 13 report from the blockchain analytics firm. In 2017, BTC accounted for nearly all the crypto stolen by the DPRK, but it now accounts for just one fifth: “In 2021, only 20% of the stolen funds were Bitcoin, whereas 22% were either ERC-20 tokens or altcoins. And for the first time ever, Ether accounted for a majority of the funds stolen at 58%.” …
Bitcoin / Jan. 14, 2022
Hacker tries to exploit bridge protocol, fails miserably
Cross-chain bridges have increasingly become targeted by malicious entities. However, not all hackers can run away with millions in their exploit attempts. Some end up losing money from their own wallets. In a Twitter thread, Alex Shevchenko, the CEO of Aurora Labs, told the story of a hacker who attempted to exploit the Rainbow Bridge but ended up losing 5 Ether (ETH), worth around $8,000 at the time of writing. According to Shevchenko, the hacker has presented a falsified NEAR block to the Rainbow Bridge contract and submitted the required 5 ETH safe deposit. Thinking that the team would be …
Bitcoin / Aug. 23, 2022