Find out if your Gmail password was stolen - gHacks Tech News

Find out if your Gmail password was stolen

Update: From what has been gathered so far, it appears as if this is not a new hack, and that the list may have been created from different sources. Google has posted an official response. According to the company, the data dump was not the result of a security breach.

Today's big news is the release of a database with more than 5 million Gmail email account user information. The database appears to include usernames, passwords and email addresses of users and while it has not been confirmed as legitimate yet by third parties it has been made available publicly on the Internet.

It is for instance possible to download all leaked email addresses from the file hosting service Mega. While you will only find email addresses listed in the 100 Megabyte text document, it is enough to verify if your own Gmail email address is affected by the leak.

Downloading the email address and searching for your own email is probably the best option that you have to find out if you are affected. If you don't want to download the packed 36 Megabyte file to find out, you can also use third-party services such as Is Leaked on the Internet.

Update: removed the direct link to the site. Use the Mega download instead to verify if your email is on that list.

Here you need to enter your Google email address first to check it against the service's database. The service will notify you if the email that you have entered has been leaked or not. To confirm that the situation is dire, it will display the first two characters of the password as well which account owners can use to verify the claim.

gmail account hacked

Change your password

If your email is on the list, change your Gmail password immediately. This is the most important step and should come before any other steps that you can undertake.

  1. Open the security page on the Google website.
  2. Click on change password.
  3. Enter your current password and the new password twice.

This blocks anyone from accessing your account with the old password. You may also want to sign out of all existing Gmail sessions. You find information on how to do that below.

Verify your account was not accessed

gmail login history

You may want to know whether your account has been accessed if your email address and user information are on that list. The best way to do so is to visit the official Gmail website, sign in to your account if you have not done so already, and click on the "details" link at the very bottom of the main screen.

This lists all recent activities sorted by data and time. For each activity, the access type, e.g. web browser or mobile, location and IP address are recorded which may provide you with additional hints.

Here you can also click on "sign out all other sessions" to block any other session that may be accessing your data at that time.

You may also want to check your Google account activity as well. Since it is possible to use a Gmail account to access other Google services, you may want to make sure that this did not happen as well.

Visit this page on the Google website to verify that all activities are legit.

Protect your account with two-factor authentication

You can improve the overall security of your account by enabling two-factor authentication. While you do need to add a mobile phone number to your account for that to work, it improves the security significantly by adding another layer of protection to the sign in process.

Attackers cannot use email address and password alone anymore as they do need access to the mobile phone number as well to check the code that is generated during the sign in process.

Here are a couple of links to get you started:

  1. How to enable Google two-step verification
  2. Use Google 2-Step authentication without mobile phone
  3. Google account features you need to know about
Summary
Find out if your Gmail password was stolen
Article Name
Find out if your Gmail password was stolen
Description
About 5 million Gmail email addresses and passwords were uploaded to the Internet today. Find out if your account is among the leaks and what to do about it.
Author

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. vux777 said on September 10, 2014 at 3:48 pm
    Reply

    I think this is somehow fake…
    my email is found but
    first two letters of my password are wrong

    1. Martin Brinkmann said on September 10, 2014 at 3:56 pm
      Reply

      Maybe it is an older list? Did you ever use a password starting with those two letters?

      1. vux777 said on September 10, 2014 at 4:03 pm
        Reply

        maybe…I’m not sure…I had something with those letters, but not sure that was starting with it…
        but I changed that password more than 6 months ago…maybe a year
        So, someone had old list of email-passwords and gave it now… everything is foggy about this..

      2. Jeff said on September 10, 2014 at 5:20 pm
        Reply

        A buddy of mine said the same exact thing, that the first two letters of the pw were wrong, but that he DID use that pw in the past, so it’s likely they got access to an old list.

    2. anohana said on September 10, 2014 at 4:20 pm
      Reply

      Where is the database?

    3. Anonymous said on September 11, 2014 at 4:23 am
      Reply

      This is true, but the information contained is old (2-3 years, i think).

  2. Womble said on September 10, 2014 at 4:14 pm
    Reply

    My Wife’s account was one of those hacked but she seems to think the password is old(we use lastpass though so not really sure). Definitely not fake though.

    Thanks for the useful info Martin.

  3. dag said on September 10, 2014 at 4:54 pm
    Reply

    Don’t check your e-mails on that site.
    You might get spam or worse.

  4. beachbouy said on September 10, 2014 at 5:09 pm
    Reply

    No such breach has been announced in any credible news channels. There is something fishy about this. I checked my Gmail address and was told “Yes!” my account was found.

    The site also FALSELY indicated, “First two symbols of password is: it. Immediately change your password!

    The first two letters of my Gmail account has NEVER started with the letters “it.” Can you point me to a recent news article about this recent theft of Google account information?

    This is bullshit. It’s a FAKE site that is collecting email addresses to be added to a frickin’ SPAM list.

    Ghacks’ credibility just dropped several notches on my scale. This should have been checked out more thoroughly before you send your readers off to some phishing site to get screwed by hackers.

    1. Martin Brinkmann said on September 10, 2014 at 5:57 pm
      Reply

      I have published a link to the Mega download which you can use as well to check whether your mail is listed or not. Anyway, I have removed the direct link pointing to the site.

      1. SP333 said on September 10, 2014 at 11:09 pm
        Reply

        My email acount is in the mega file i downloaded, but i can see what pass they have?
        Where is the file with the pass!! I want to know witch pass they have!!

    2. Womble said on September 10, 2014 at 7:27 pm
      Reply

      Have you quite finished raging?

      I can’t verify the motives of the site linked to by Ghacks, but in my experience the leak claims are genuine, if only for older accounts/passwords.

  5. Jeff said on September 10, 2014 at 5:19 pm
    Reply

    thanks for the heads up, Martin. My email was in the list!

  6. Jorge said on September 10, 2014 at 5:19 pm
    Reply

    My email is not on the list, but one strange thing happened this week. My gmail account sent a spam email to itself. The email shows up in the inbox and also in the “sent” folder. However, by looking at the “activity on the account” I see nothing unusual. How can this have happened?

  7. Shoikan said on September 10, 2014 at 5:34 pm
    Reply

    Mine is in the list, but the password is ages old, 5+ years. Not worried at all. 2 step verification working btw.

    1. Bobby Phoenix said on September 10, 2014 at 6:15 pm
      Reply

      ^ This. 2 step active. No need to worry. I get a text anytime a new login is attempted.

  8. Bobby Phoenix said on September 10, 2014 at 6:18 pm
    Reply

    Is this only a leak from Mega? I’ve never signed up for it, so I don’t want to go doing all kinds of searching if it was only from Mega. Where was the info stolen from? You don’t list sites affected.

    1. vux777 said on September 10, 2014 at 6:47 pm
      Reply

      this got nothing to do with Mega.
      Someone just posted that file for sharing on Mega service

  9. Bobby Phoenix said on September 10, 2014 at 6:20 pm
    Reply

    UGH! And how do you check on Mega’s site? The link you gave just goes to the main site. Is there a special place to check?

    1. rickbee said on September 10, 2014 at 8:51 pm
      Reply

      @Bobby
      Mega is a file sharing site. The link takes you to where the text file is, so you can download it ( download button in the centre of the page) and then you can check using a text editor such as ‘notepad’ on your computer.

      1. Bobby Phoenix said on September 10, 2014 at 9:54 pm
        Reply

        Thank you!

  10. acr said on September 10, 2014 at 8:53 pm
    Reply

    I tried to open the list with some Word programs and they all choked. But Notepad++ worked great.

  11. mx said on September 10, 2014 at 9:05 pm
    Reply

    you can always go here https://pwnedlist.com/

  12. acr said on September 10, 2014 at 9:24 pm
    Reply

    I wonder on gmail about the dot problem. For instance if the email address was joe.smith @ gmail couldn’t a hacker sign in by placing a dot after any letter in the address? I thought gmail was special in that regard. If so, do you have to check your gmail address with all the variations of a dot after every letter and at least one with no dot at all?

  13. David Naylor said on September 10, 2014 at 9:40 pm
    Reply

    Same here. My e-mail was in the list, and the two first characters were from one of my old passwords.

  14. mx said on September 10, 2014 at 10:14 pm
    Reply

    plus,if someone had access to your email then just changing passwords isn’t enough you should always review all the settings recovery options,forwarding, pop imap etc.

  15. anon said on September 10, 2014 at 10:28 pm
    Reply

    None of my several gmail accounts is there. Phew…

  16. Decent60 said on September 11, 2014 at 12:23 am
    Reply

    Just for those who are interested, this list was posted with complete email and password on a Russian site, for sale in BitCoins. People have confirmed that this is a much older listing (none of mine are on there so over 6 years old; one person stated it was from 2005 time-line) of email/passwords.
    This made news on many tech sites, sadly, not too popular ones, just a few days ago when it was published on the Russian forum. Trying to trace the origins right now but so far, not much is coming up on to the proper forum, but it was confirmed by Bitcoin Security.

  17. Streko said on September 11, 2014 at 12:48 am
    Reply

    Hey, do NOT use the site listed above. There are rumors flying that it was registered to harvest emails.

    Please check http://securityalert.knowem.com

    For a site with a privacy policy and a substantial background in the social media world

  18. Dwight Stegall said on September 11, 2014 at 5:01 am
    Reply

    Loading a 100 mb text file will crash most home computers.

    1. rickbee said on September 11, 2014 at 7:15 am
      Reply

      The file on mega is only 36.3mb not 100mb.

      1. Martin Brinkmann said on September 11, 2014 at 7:41 am
        Reply

        It is 100 MB after you extract it.

      2. rickbee said on September 11, 2014 at 5:05 pm
        Reply

        Sorry my mistake.

  19. John said on September 12, 2014 at 9:28 am
    Reply

    A good practice is to use a password manager to manage your passwords securely. I use “Intuitive Password” online password manager, it manages all my passwords in one place securely. Also, it provides a way to login to any site with a single mouse click!

  20. Rick said on September 12, 2014 at 3:29 pm
    Reply

    I took the MEGA archive file and sorted list of emails (and removed duplicates). The archive to download and final text file are a little bit smaller than the original MEGA and is available off of mediafire.com.

    Have at it if you so desire. RICK

    http://www.mediafire.com/download/w9dz11ilwp3c462/google_sorted_no_dupes.zip

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.