# Is Your GMAIL Compromised ?



## root.king (Sep 12, 2014)

A list of 5 million Gmail addresses and passwords appeared on a Russian Bitcoin forum Wednesday.

It is still unclear how anyone obtained the vast collection of usernames and passwords.Google says its servers were not breached.The list appears to be a collection of passwords exposed in previous hacks, likely on users’ own computers, not Google’s systems.

“We have no evidence that our systems have been compromised,” Google spokeswoman Caroline Matthews said.

In fact, there’s no telling yet whether the list is even authentic, the company said.However, Google is warning affected users to take steps to further protect their Gmail accounts, such as creating a stronger password and using an extra security feature called two-step authentication.

In the meantime, there is a tool that allows you to easily check if your account has been compromised.Simply type your email address into the IsLeaked tool to see if your account has been exposed.Due to the high volume of people trying to check their accounts, the site has been experiencing a gateway error.If you get an error message, reload the page or check back a little later, Life Hacker suggests.

However, the tool is not without controversy.

Life Hacker actually isn’t promoting it anymore after it said it discovered the “tool” was made public just two days before the Gmail leak was reported.

Check here if your Gmail account was among 5 million possibly hacked | fox13now.com



click here to check : *isleaked.com/en


----------



## arijitsinha (Sep 12, 2014)

My email is on the list, but the password there is not my current password. I have changed it long back. though I am skeptical if I have ever used that password for gmail. I use this password for all the spam registrations.

I guess they hacked other websites which requires email id as login, and aggregated the email id and password combination.


----------



## rijinpk1 (Sep 12, 2014)

mine on the list too!


----------



## johnjoyjoe1979 (Sep 12, 2014)

mine too is on the list


----------



## SaiyanGoku (Sep 12, 2014)

none of mine on that list.


----------



## Anorion (Sep 12, 2014)

lol, my id is on the list
but the password is wrong, was never my password. what gives?


----------



## Vyom (Sep 12, 2014)

Anorion said:


> lol, my id is on the list
> but the password is wrong, was never my password. what gives?



So just hoax I suppose. Google denying the breach.. is true I guess then.


----------



## Anorion (Sep 12, 2014)

arijitsinha said:


> though I am skeptical if I have ever used that password for gmail. I use this password for all the spam registrations.



same here, only Im sure I have never used it for my email

- - - Updated - - -

Here is a private checker, that downloads a version of the database to your browser and checks it offline
gmail leak bloom filter password checker


Gmail has locked out compromised accounts
soo... did they cross check the passwords, somehow that is almost as creepy


----------



## amjath (Sep 12, 2014)

mine not there 

- - - Updated - - -

isleaked showing both are safe, [MENTION=56202]Anorion[/MENTION] link says one is hacked


----------



## Anorion (Sep 12, 2014)

Don't Panic

Google's Security blog on the issue


> We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords.



whole post here : Google Online Security Blog: Cleaning up after password dumps


----------



## amjath (Sep 12, 2014)

Anorion said:


> Don't Panic
> 
> Google's Security blog on the issue
> 
> ...



2 days before i tried logging in my yahoo id from my office kiosk PC, it started asking security questions. When I logged in successfully I recieved a mail that someone is trying to login from USA and if it is not me then change the password the mail said.
So this type of ip tracing anti hijacking system is what google is speaking i guess


----------



## kg11sgbg (Sep 12, 2014)

Me and my spouse both SAFE till now.Our Google a/c's not in the list.


----------



## amjath (Sep 12, 2014)

kg11sgbg said:


> Me and my spouse both SAVED!!!!!!
> Our Google a/c's not in the list.


You married


----------



## ankush28 (Sep 12, 2014)

I didn't even checked 

Two step verification FTW!


----------



## kg11sgbg (Sep 12, 2014)

amjath said:


> You married



Yep,for more than a decade.


----------



## ankush28 (Sep 12, 2014)

Don't check on isleaked tool. Its possibly scam(for making HUGE list of emails available to spammers)


----------



## Nerevarine (Sep 12, 2014)

None of my accounts compromised


----------



## kg11sgbg (Sep 13, 2014)

ankush28 said:


> Don't check on isleaked tool. Its possibly scam(for making HUGE list of emails available to spammers)


Good point,but where do we check ???


----------



## Anorion (Sep 13, 2014)

^here, it is offline and private
it can give false positives (4% chance), but not false negatives

Private Gmail Leak Tester


----------



## a_medico (Sep 13, 2014)

I didnt bother to check my id. Could the tool itself be a data collector leading to spam in the future?


----------



## Anorion (Sep 13, 2014)

the isleaked tool, you can use wildcard chars (*) for checking, without even entering email id. This just proves that they have your id, without you needing to enter it
What is suspicious is that the domain name was registered two days before the leak, and they didn't announce it


----------



## rijinpk1 (Sep 13, 2014)

Anorion said:


> lol, my id is on the list
> but the password is wrong, was never my password. what gives?



it might not be your gmail password. it can be a password you had given for some other websites  but registered with your gmail address.


----------



## ankush28 (Sep 13, 2014)

Just enable Two step verification... No need to bother about leaks! Period.


----------



## amjath (Sep 13, 2014)

I have 2 step verification too then y do I bother sheesh silly me


----------



## moniker (Sep 13, 2014)

Anorion said:


> the isleaked tool, you can use wildcard chars (*) for checking, without even entering email id. This just proves that they have your id, without you needing to enter it
> What is suspicious is that the domain name was registered two days before the leak, and they didn't announce it


When I search for *@gmail.com it shows just 291 matches. Shouldn't that be 5 million?


----------



## Nerevarine (Sep 13, 2014)

it prolly means singlechar@gmail.com..
not sure if thats even possible or not


----------



## Anorion (Sep 13, 2014)

yep it's one wildcard character per character


----------



## tkin (Sep 13, 2014)

ankush28 said:


> Just enable Two step verification... No need to bother about leaks! Period.


So if there are some issues with your mobile provider, or you had lost your phone, or you're in an area where there is poor or no network coverage but internet is there(offices), you'll be locked out of your account? Or does the two step verification works offline as well? Like a secure token?


----------



## amjath (Sep 13, 2014)

If u have authenticator app it generates 2 step  verification codes offline


----------



## rijinpk1 (Sep 13, 2014)

tkin said:


> So if there are some issues with your mobile provider, or you had lost your phone, or you're in an area where there is poor or no network coverage but internet is there(offices), you'll be locked out of your account? Or does the two step verification works offline as well? Like a secure token?



you can get back up codes.


----------



## tkin (Sep 13, 2014)

amjath said:


> If u have authenticator app it generates 2 step  verification codes offline


That's what I was asking, its good but what happens if I lose the phone?


----------



## amjath (Sep 13, 2014)

tkin said:


> That's what I was asking, its good but what happens if I lose the phone?



here are few options
*support.google.com/accounts/answer/185834?hl=en


----------



## $hadow (Sep 13, 2014)

Even though I have two step verification on and my name is on the list so should I worry about it?


----------



## .jRay. (Sep 13, 2014)

None of my account's are on the list.


----------



## ratul (Sep 13, 2014)

hmm, none of my 9 accounts are on list, of which two of the accounts are >7 years old.. 
Surprised that even the accounts i use for hacking and spam testing are not there..  Was skeptical about entering my id's on that as it might be a large mail mining scheme, but well, i don't really care about spams..  (and use wildcards to search.)


----------



## tkin (Sep 13, 2014)

ratul said:


> hmm, none of my 9 accounts are on list, of which two of the accounts are >7 years old..
> Surprised that even the accounts i use for hacking and spam testing are not there..  Was skeptical about entering my id's on that as it might be a large mail mining scheme, but well, i don't really care about spams..  (and use wildcards to search.)


I checked them with my original id, it wasn't there and I'm not worried about spams, Gmail's spam filtering algorithm is getting better day by day, I haven't received a spam in inbox in ages.


----------



## tinamalik (Sep 30, 2014)

I logged in an hour ago and received a mail that stated, someone was trying to login my mail from USA and if its not me then change the password.


----------



## vedula.k95 (Oct 3, 2014)

Ok Can somebody throw some light on the part "25th of september became known of another biggest vulnerability CVE-2014-6271 (shellshock or bashdoor). All of the devices use bash shell like routers are potentially exposed. Check yourself now!"
Is Shellshock some kind of hoax or are we gonna see bruce wills jumping out of Fighter plane to save the world?


----------



## Vyom (Oct 3, 2014)

vedula.k95 said:


> Ok Can somebody throw some light on the part "25th of september became known of another biggest vulnerability CVE-2014-6271 (shellshock or bashdoor). All of the devices use bash shell like routers are potentially exposed. Check yourself now!"
> Is Shellshock some kind of hoax or are we gonna see bruce wills jumping out of Fighter plane to save the world?



*www.digit.in/forum/technology-news...-running-bash-shell-mac-nix-users-beware.html


----------



## BryanM35 (Apr 23, 2015)

My account is compromised I experiencing some issue like my contacts have received suspicious messages from my address or my contacts and mail have gone missing.


----------



## amjath (Apr 23, 2015)

BryanM35 said:


> My account is compromised I experiencing some issue like my contacts have received suspicious messages from my address or my contacts and mail have gone missing.



Seriously bro come on look at the date. 
 [MENTION=20614]Faun[/MENTION], [MENTION=77264]Vyom[/MENTION] close it


----------



## Vyom (Apr 23, 2015)

BryanM35 said:


> My account is compromised I experiencing some issue like my contacts have received suspicious messages from my address or my contacts and mail have gone missing.



You can create a new thread in Software section.
Closing this one.


----------

