A database containing more than 5 Million Google Accounts (Login ID’s and Passwords) have been leaked on Russian Cyber security Internet forum called forum.btcsec.com. The user ids and passwords mostly belonged to Russian Google users.
The leaked file which contains username and passwords in plain text was published on Tuesday under the Bitcoin security board thread of the forum. Forum administrator have since removed the passwords from the file leaving the usernames only as of now. The leak was then published on Reddit by mstrokin, where in the comments the link for the entire leak saved on Mega is available. One of the Redditors, soulwound also confirmed that the leak was genuine.
The forum user tvskit, who published the file, claims that 60% of the Id’s were valid. This was further confirmed by several users on the forum, who said that their password was found in the leaked file.
Since every Google Account is associated with Gmail, Google plus, Youtube, Adsense and other Google services, the leaked username password combination can be used to access the same.
This massive Google Account leak comes just few days after similar leaks from popular Russian internet services Mail.ru and Yandex, with 4.66 and 1.26 million compromised accounts leaked respectively.
Google Russia said that they are investigating the leaks, suggesting users to use strong password and enable two step login verification for maximum protection. However looking back to leaks from Mail.ru and Yandex, where, both the companies said that most of the accounts from the leak were either suspended or non-existent, it is hoped that majority of this leak meets the same fate.
For the looks of it, most of the accounts were collected from either any third party website/app or were collected over years using Phishing attacks.