Find out if your Gmail password was stolen
Update: From what has been gathered so far, it appears as if this is not a new hack, and that the list may have been created from different sources. Google has posted an official response. According to the company, the data dump was not the result of a security breach.
Today's big news is the release of a database containing the account information of more than 5 million Gmail users. The database appears to include usernames, passwords and email addresses. While third parties have not yet confirmed that it is legitimate, it has been made publicly available on the Internet.
It is for instance possible to download all leaked email addresses from the file hosting service Mega. While you will only find email addresses in the 100 Megabyte text document, that is enough to verify whether your own Gmail address is affected by the leak.
Downloading the list and searching it for your own address is probably the best option you have to find out whether you are affected. If you don't want to download the packed 36 Megabyte file, you can also use third-party services such as Is Leaked.
Update: removed the direct link to the site. Use the Mega download instead to verify if your email is on that list.
There you need to enter your Google email address to check it against the service's database. The service tells you whether the address you entered is on the list. To back up the claim, it also displays the first two characters of the password, which account owners can use to verify that the entry is really theirs.
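Searching the downloaded list yourself is easy to get wrong: the extracted file is about 100 MB (too large for many editors), and Gmail ignores dots in the local part and anything after a "+", so an entry may not match your address byte for byte. The script below is an added example, not code from the article or from Google; it streams the file line by line and compares normalised addresses. The file path and the sample lines are assumptions.

```python
import re

# Gmail ignores dots in the local part and anything after a "+" (documented
# Gmail behaviour), and googlemail.com is an alias of gmail.com. Normalising
# both sides of the comparison means a list entry such as
# "j.oe.smith@googlemail.com" still matches your "joesmith@gmail.com".
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

def normalize(address):
    """Return a canonical form of an email address, or None if it is not one."""
    address = address.strip().lower()
    if "@" not in address:
        return None
    local, domain = address.rsplit("@", 1)
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"

def find_matches(lines, my_addresses):
    """Stream over the leaked list one line at a time (the extracted file is
    about 100 MB, so never read it into memory whole) and return every entry
    that matches one of your own addresses after normalisation."""
    wanted = {normalize(a) for a in my_addresses} - {None}
    hits = []
    for line in lines:
        # Some dumps are "email:password" or "email;source"; compare only the
        # address portion before the first separator.
        candidate = re.split(r"[:;,\s]", line.strip(), maxsplit=1)[0]
        if normalize(candidate) in wanted:
            hits.append(candidate)
    return hits

def check_file(path, my_addresses):
    """Open the downloaded list (the path is an assumption) and search it."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return find_matches(fh, my_addresses)

# Constructed sample lines, not entries from the real dump.
SAMPLE_LIST = """alice.example@gmail.com
Bob.Example+news@googlemail.com
carol@example.org
dave@gmail.com:REDACTED
""".splitlines()

if __name__ == "__main__":
    # For the real list use check_file("google_leak.txt", [...]) instead.
    print(find_matches(SAMPLE_LIST, ["aliceexample@gmail.com", "bobexample@gmail.com"]))
```

A match on a normalised address means the entry belongs to your account even if it was written with extra dots or a "+tag", so treat it as a hit and change the password.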
Change your password
If your email is on the list, change your Gmail password immediately. This is the most important step and should come before any other steps that you can undertake.
- Open the security page on the Google website.
- Click on change password.
- Enter your current password and the new password twice.
This blocks anyone from accessing your account with the old password. You may also want to sign out of all existing Gmail sessions; you will find information on how to do that below.
Verify your account was not accessed
You may want to know whether your account has been accessed if your email address and user information are on that list. The best way to do so is to visit the official Gmail website, sign in to your account if you have not done so already, and click on the "details" link at the very bottom of the main screen.
This lists all recent activity sorted by date and time. For each entry, the access type (e.g. web browser or mobile), location and IP address are recorded, which may give you additional hints about whether someone else signed in.
Here you can also click on "sign out all other sessions" to block any other session that may be accessing your data at that time.
You may also want to check your Google account activity. Since a Gmail account can be used to access other Google services, you may want to make sure that this did not happen either.
Visit this page on the Google website to verify that all activities are legit.
Protect your account with two-factor authentication
You can improve the overall security of your account by enabling two-factor authentication. While you need to add a mobile phone number to your account for that to work, it improves security significantly by adding another layer of protection to the sign-in process.
Attackers can no longer use the email address and password alone, as they also need access to the mobile phone to obtain the code that is generated during the sign-in process.
Here are a couple of links to get you started:
- How to enable Google two-step verification
- Use Google 2-Step authentication without mobile phone
- Google account features you need to know about
I took the MEGA archive file and sorted the list of emails (and removed duplicates). The archive to download and the final text file are a little bit smaller than the original MEGA one and are available from mediafire.com.
Have at it if you so desire. RICK
http://www.mediafire.com/download/w9dz11ilwp3c462/google_sorted_no_dupes.zip
A good practice is to use a password manager to manage your passwords securely. I use “Intuitive Password” online password manager, it manages all my passwords in one place securely. Also, it provides a way to login to any site with a single mouse click!
Loading a 100 mb text file will crash most home computers.
The file on mega is only 36.3mb not 100mb.
Sorry my mistake.
It is 100 MB after you extract it.
Hey, do NOT use the site listed above. There are rumors flying that it was registered to harvest emails.
Please check http://securityalert.knowem.com for a site with a privacy policy and a substantial background in the social media world.
Just for those who are interested, this list was posted with complete email and password on a Russian site, for sale in BitCoins. People have confirmed that this is a much older listing (none of mine are on there so over 6 years old; one person stated it was from 2005 time-line) of email/passwords.
This made news on many tech sites, sadly, not too popular ones, just a few days ago when it was published on the Russian forum. Trying to trace the origins right now but so far, not much is coming up on to the proper forum, but it was confirmed by Bitcoin Security.
None of my several gmail accounts is there. Phew…
Plus, if someone had access to your email then just changing passwords isn’t enough. You should always review all the settings: recovery options, forwarding, POP, IMAP etc.
Same here. My e-mail was in the list, and the first two characters were from one of my old passwords.
I wonder on gmail about the dot problem. For instance if the email address was joe.smith @ gmail couldn’t a hacker sign in by placing a dot after any letter in the address? I thought gmail was special in that regard. If so, do you have to check your gmail address with all the variations of a dot after every letter and at least one with no dot at all?
You can always go here https://pwnedlist.com/
I tried to open the list with some Word programs and they all choked. But Notepad++ worked great.
UGH! And how do you check on Mega’s site? The link you gave just goes to the main site. Is there a special place to check?
@Bobby
Mega is a file sharing site. The link takes you to where the text file is, so you can download it ( download button in the centre of the page) and then you can check using a text editor such as ‘notepad’ on your computer.
Thank you!
Is this only a leak from Mega? I’ve never signed up for it, so I don’t want to go doing all kinds of searching if it was only from Mega. Where was the info stolen from? You don’t list sites affected.
This has got nothing to do with Mega.
Someone just posted that file for sharing on the Mega service.
Mine is in the list, but the password is ages old, 5+ years. Not worried at all. 2 step verification working btw.
^ This. 2 step active. No need to worry. I get a text anytime a new login is attempted.
My email is not on the list, but one strange thing happened this week. My gmail account sent a spam email to itself. The email shows up in the inbox and also in the “sent” folder. However, by looking at the “activity on the account” I see nothing unusual. How can this have happened?
thanks for the heads up, Martin. My email was in the list!
No such breach has been announced in any credible news channels. There is something fishy about this. I checked my Gmail address and was told “Yes!” my account was found.
The site also FALSELY indicated, “First two symbols of password is: it. Immediately change your password!”
The first two letters of my Gmail account has NEVER started with the letters “it.” Can you point me to a recent news article about this recent theft of Google account information?
This is bullshit. It’s a FAKE site that is collecting email addresses to be added to a frickin’ SPAM list.
Ghacks’ credibility just dropped several notches on my scale. This should have been checked out more thoroughly before you send your readers off to some phishing site to get screwed by hackers.
Have you quite finished raging?
I can’t verify the motives of the site linked to by Ghacks, but in my experience the leak claims are genuine, if only for older accounts/passwords.
I have published a link to the Mega download which you can use as well to check whether your mail is listed or not. Anyway, I have removed the direct link pointing to the site.
My email account is in the Mega file I downloaded, but can I see what pass they have?
Where is the file with the pass!! I want to know which pass they have!!
Don’t check your e-mails on that site.
You might get spam or worse.
My wife’s account was one of those hacked but she seems to think the password is old (we use LastPass though so not really sure). Definitely not fake though.
Thanks for the useful info Martin.
I think this is somehow fake…
My email is found, but the first two letters of my password are wrong.
You can search through over 2.5 billion accounts at http://leakprobe.net leaked passwords database. Free search with API available and other password security services!
This is true, but the information contained is old (2-3 years, I think).
Where is the database?
Maybe it is an older list? Did you ever use a password starting with those two letters?
A buddy of mine said the same exact thing, that the first two letters of the pw were wrong, but that he DID use that pw in the past, so it’s likely they got access to an old list.
Maybe… I’m not sure… I had something with those letters, but not sure it was starting with them…
but I changed that password more than 6 months ago…maybe a year
So, someone had an old list of email/passwords and gave it out now… everything is foggy about this…