5m Gmail emails and passwords reportedly leaked online

10 Sep 2014

Gmail appears to have been inadvertently on the end of a massive email and password leak as nearly 5m accounts appear to have been affected, but questions remain over the actual threat to users.

On the Reddit subreddit ‘netsec’, a user has posted a link supposedly showing all of the affected email names and passwords of users, many of which appear to be months, if not years, old.

According to Freedom Hacker, the original .txt file of Gmail usernames have been posted to a Russian bitcoin forum but now Gmail users who might be concerned their password may have been included are being warned not to enter their passwords into websites to check if theirs is secure.

As a result of the file being released, a number of malicious phishing sites have popped up online offering to check whether someone’s email has been hacked by asking them to provide their address.

The origin and identity of who is behind the supposed leak remain unknown. There is speculation that the data may not have been directly obtained from Google’s servers, but rather through a range of other websites where email data would have been entered.

Gmail on Android image via Shutterstock

Colm Gorey was a senior journalist with Silicon Republic