Remember when the Hotmail passwords leaked yesterday and we spoke highly of how Gmail, even with its server outages, gives us peace of mind when it comes to security? Yeah, so we’re going to need some ketchup and fries to go with these delicious feet in our mouth.
The BBC is
reporting that it has in its possession the same controversial lists of leaked accounts, with the number going over 30,000. And yes, Hotmail isn’t the only email service affected by the scam as the lists also included Gmail, Yahoo Mail, AOL, Comcast and Earthlink accounts.
NeoWin, which first broke the news of the scam, reported that it had cross-checked the lists – which have now been taken down from their original postings at PasteBin – with the BBC and can confirm that it’s the same.
For its part, a Google spokesperson has said that less than 500 of its email service accounts were affected and that the phishing scam did not involve a breach of Gmail security.
In a very carefully worded and completely ambiguous statement, the spokesperson told BBC News: “We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail accounts. As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.”
By all accounts, it’s unclear as to when Google detected the problem and fixed it; but the ambiguous statement does raise a few eyebrows. After all, if they had managed to do it before the lists leaked, wouldn’t they want to stress on that point?
Still, to the company’s credit, they did find a third list of phished accounts, but has yet to disclose how many of those are Gmail, Hotmail, or anything else.