By Indusface Research Team
As per some reports, Gmail has been hacked and 5 million user names and passwords were stolen from compromised accounts. What does this mean for you? Changing the passwords again? Yup, but more importantly changing, the way you and your customers operate their accounts, the ways in which they hamper their security, consciously or unconsciously, and the ways they can stop doing that.
Google has denied the hack claim and has said that if in case such an event happens, it informs the affected users. “The security of our users’ information is a top priority for us,” a Google spokesperson commented. “We have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users secure their accounts.”
Google also claimed that the impact of this hack was widely exaggerated and that less than 2% of the username and password combinations might have worked. Google stated in an official blog post, “We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts.”
How to check if your Gmail account was hacked
Following this hack, a group of programmers came up with a website, Isleaked.com. You can type in your email ID here, and it will tell you if your email is one of the 5 million affected. If you are hacked, the website will show you the first two letters of your password. The developers had initially created this website originally to help people check with the Yandex and Mail.Ru attacks.
To assure people of their honest intentions, developers have offered an option to not put in their complete email ID, but to substitute up to 3 characters with an asterisk. We have tried this, and it works.
But if Google is denying the hack, then why these stories?
There have been more than a few hacking incidents in the past, with Google’s name dragged in. This time, Google has come out with a statement. They have insisted that since no internal systems were breached and illegally accessed, they have concluded that the accounts whose login data were stolen, was due to an individual obtaining usernames and passwords from a malware infected computer.
This claim is supported by the fact that the information leaked seems to be pulled from much older lists. A large number of leaked passwords are as old as three years. Due to this, the leak is being attributed to a combination of breaches that have happened in the past.
But even though the leaked information is outdated, the majority of the security experts have strongly suggested that users should update their passwords in a regular manner, especially after news of a breach surface.
So whether your Gmail was leaked or not, it is highly recommended to change your password and you should now take advantage of the two-step authentication process provided by Gmail. This means that Google will send you a special code as an additional security measure when logging in. It might sound like a headache, especially when we want everything automated and simple, but it will protect you from the repeated hacks and breaches.
Why are so many accounts being hacked? What should be changed?
More and more social networking websites are coming up. People have tens and hundreds of accounts and every account need to have a login, username, and password. Some of them even have security questions.
So what do we do? It’s not possible to remember all these details for anyone. Neither are people very familiar with the concept of password managers. Therefore users end up using the same user id and passwords for multiple accounts. The weaker the security control implementation from an account in question, laxer are the passwords set. Essentially, this means that, if an account permits a user to use email ID as login ID and password, they use it, without spending a thought on their safety. The thought of, “why will anyone hack into my account”, is so profound that we really don’t want to bother with following some basic security measures.
Also, we do not want to check the history of recent activities in our accounts. Gmail, Facebook, etc. provide this facility. You can check from which browser, which city, your account was logged into last…you find suspicious activity, report and change your password. It’s as simple as that.
So we bring to you some simple steps that one should follow while creating and using an account, to avoid falling a victim of these frequent hacks.
How to keep your account and passwords secure?
Founder & Chief Marketing Officer, Indusface
Venky has played multiple roles within Indusface for the past 6 years. Before this, as the CTO @ Indusface, Venky created the product/service offering and technology team from scratch and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in the security industry and had held various mgmt/leadership roles in Product Development, Professional Services, and Sales @Entrust.