You hear a lot of chatter these days claiming that hackers have managed to pull your confidential information out of Google. There will always be rumors like that floating around. THIS IS NOT A RUMOR.
Google wasn’t hacked. What happened is that hackers appear to have leaked the addresses and passwords of over 5 million Gmail accounts. This past Tuesday, on an online Bitcoin forum called btcsec.com, a user with the alias “tvskit” posted an archive of over 5 million Gmail addresses and plain-text passwords. Of these 5 million Google account passwords, about 1 to 2% are valid.
A number of industry security specialists have analyzed the information and concluded that many of the accounts are over three years old. They also believe that this security breach did not originate from Google, but from third-party sites where users use their Google accounts and Gmail credentials to access information. A number of the Gmail accounts listed came from Yandex.com, a Russian email service.
First Things First: Don’t panic. Only 1-2% of the leaked information can actually grant access to an account, so chances are you’re not affected. That said, there’s no way to know for certain, so it’s better to be safe than sorry.
You can take easy steps to ensure you’re protected from this sort of thing, and to re-secure your account on the off chance your information was included in the leak. If you think you may have been compromised, call Sydney Technology Solutions now at (02) 8212 4722, and we can help you take the right steps.
But Beware: There is a new site called isleaked.com claiming it can be used to validate your Google account to ensure it wasn’t one of the accounts compromised. This domain was registered two days before the Gmail leak went public, which is very suspicious. We recommend that you do not use this site to validate your Google account.
So what CAN you do? The process is quite simple. Change your Google password immediately and enable Google two-step verification on your account. Google has published a blog post to help you set up your Google account securely.
Google recommends the following tips to safeguard your online services:
- Use unique passwords on all your online services – if you reuse the same password all over the place, cybercriminals will have a much easier time hacking multiple services and stealing your identity.
- Use long passwords: the longer the password, the harder it is to guess – in fact, the best passwords are actual PHRASES, not just words. Something like 321_dingDongtheWitchisDead_789 is much more difficult to guess than banana15.
- Mix up your password with uppercase letters, numbers and symbols – the more variation you use, the less likely someone will get it right.
- Use a phrase that only you will know – phrases can be much easier to remember than single words, plus they’re easier to keep unique. If your favorite 90s show was Friends, for instance, you’re not likely to forget a password that includes the phrase sonoonetoldyoulifewasgonnabethisway.
- Never share your password with anyone – it might feel like overkill to say this again and again, but you never can be too careful. Someone you fully trust might accidentally be less careful with your password than you are. It doesn’t take someone deliberately trying to harm you for you to be compromised.
As your trusted IT company in Sydney, we highly recommend that you take all the required safety precautions to protect your online accounts: not just Google, but ALL online services your business may use.
Have questions about your online security for your Sydney business? Contact us today at (02) 8212 4722 or [email protected] to book a complimentary security review of your information technology. Our security experts know how cybercriminals work, and they’ll help you discover any vulnerabilities in your systems AND show you how they can be fixed.
Contact us right away and let’s make sure your business is safe and secure.