Tribal Chicken

Security. Malware Research. Digital Forensics.

Credential Dump: 5 Million Google accounts

This is interesting, supposedly 5,000,000 Google usernames and passwords have been posted on a Russian bitcoin forum, however the list seems to have come not from a compromise of Google’s systems, but a large database collected from Malware, Phishing, etc.

Google has posted a response.

We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords.

It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems. Often, these credentials are obtained through a combination of other sources.