Gmail Hack Highlights Need for Better Security

If you're a Google Gmail user, this is bad news. An archive of about 5 million Gmail addresses and plain text passwords was leaked to an online forum. The good news is the data is old, but better security is still needed.

CSIS Security Group, a Danish security company that offers cybercrime intelligence to law enforcement agencies and financial institutions, claims it collected a EUlarge data setEU containing a massive data leak associated with Gmail. The firm pegs the number of accounts at just over 5 million and said the leak seemed to come from sources beyond Google.

Peter Kruse, chief technology officer at CSIS, pointed out that a similar data leak associated with the Russian Web mail service Mail.ru also found its way into the public eye last week. Millions of accounts from Mail.ru were dumped online. CSIS believes the Gmail data came from the same source that leaked the Mail.ru data.

EUThis episode illustrates that security is now a major, ongoing headache for consumers who will have to live with regular data breaches,EU Greg Sterling, Vice President of the Local Search Association, told us. EUThey will thus be forced to change passwords and confront more burdensome multiple-factor authentication systems as publishers and e-commerce sites implement stricter and more Byzantine security measures in the new cat-and-mouse world of hacking.EU

So What?

We also asked Craig Young, a security researcher at security firm Tripwire, to weigh in on the data leak. He told us, quite frankly, heEUs surprised this incident is receiving attention considering thereEUs no indication that the compromised passwords came directly out of GoogleEUs system. ItEUs likely that a variety of Web sites failed to properly secure user credentials and someone just picked out all the Gmail accounts for resale on the underground, he said.

EUThe unfortunate reality is that the state...

Comments are closed.

Gmail Hack Highlights Need for Better Security

If you're a Google Gmail user, this is bad news. An archive of about 5 million Gmail addresses and plain text passwords was leaked to an online forum. The good news is the data is old, but better security is still needed.

CSIS Security Group, a Danish security company that offers cybercrime intelligence to law enforcement agencies and financial institutions, claims it collected a EUlarge data setEU containing a massive data leak associated with Gmail. The firm pegs the number of accounts at just over 5 million and said the leak seemed to come from sources beyond Google.

Peter Kruse, chief technology officer at CSIS, pointed out that a similar data leak associated with the Russian Web mail service Mail.ru also found its way into the public eye last week. Millions of accounts from Mail.ru were dumped online. CSIS believes the Gmail data came from the same source that leaked the Mail.ru data.

EUThis episode illustrates that security is now a major, ongoing headache for consumers who will have to live with regular data breaches,EU Greg Sterling, Vice President of the Local Search Association, told us. EUThey will thus be forced to change passwords and confront more burdensome multiple-factor authentication systems as publishers and e-commerce sites implement stricter and more Byzantine security measures in the new cat-and-mouse world of hacking.EU

So What?

We also asked Craig Young, a security researcher at security firm Tripwire, to weigh in on the data leak. He told us, quite frankly, heEUs surprised this incident is receiving attention considering thereEUs no indication that the compromised passwords came directly out of GoogleEUs system. ItEUs likely that a variety of Web sites failed to properly secure user credentials and someone just picked out all the Gmail accounts for resale on the underground, he said.

EUThe unfortunate reality is that the state...

Comments are closed.