Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Monday, 6 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Was it only 100,000 Gmail credentials? – Industry views

by The Gurus
September 11, 2014
in Opinions & Analysis
Share on FacebookShare on Twitter

Google has called the dumping of user credentials “one of the unfortunate realities of the Internet today”
 
In a blog post by Borbala Benko, Elie Bursztein, Tadek Pietraszek and Mark Risher at the Google Spam and Abuse Team, it acknowledged a dumping of data, but said that fewer than two per cent of the username and password combinations might have worked, and those would have mostly been blocked by its automated anti-hijacking systems.
 
It said: “We’re always monitoring for these dumps so we can respond quickly to protect our users. This week, we identified several lists claiming to contain Google and other Internet providers’ credentials. We’ve protected the affected accounts and have required those users to reset their passwords.
 
“It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems. Often, these credentials are obtained through a combination of other sources.”
 
Instead, it said that these credentials were the result of reusing the same username and password across websites, and if awebsite is hacked, those credentials could be used to log into the others or attackers can use malware or phishing schemes to capture login credentials. So was this a credential horror story for Google, or an opportunity to promote stronger authentication?
 

TK Keanini, CTO of Lancope
 
“The only thing that makes five, ten or even 20 million stolen accounts useful is when they work, and by changing the password or moving to two-factor authentication, you bring the value of these leaked accounts to zero! Do your part in making it harder for the bad guys.
 
“There is some pretty solid evidence that this was not a attack on Google directly, as users have reported that accounts were from 20+ other sites on the Internet dating back 2008. If you are still using the same password for an account you established in
2008, you have a near zero chance of it being secure. Many of these sites are PHP based, so it may be a zero day in PHP, or I would not be surprised if this is just the aggregation of years of phishing and Heartbleed attacks as those two alone could have generated these types of numbers over the years.”

 
 
Troy Gill, manager of security research at web and email security company AppRiver
 
“We often see a single themed phishing or malware campaign coming in by the millions of messages per hour and that figure is just a fraction of the actual bandwidth of the email campaign. Given the fact that some cyber crime groups are capable of sending millions of phishing or malicious messages per hour, it is plausible that a group may have accumulated five million Gmail username/password combos over the course of many years.
 
“Even if just two per cent of these are still valid, that equates to 100,000 stolen credentials, which is still significant. Not to mention the high likelihood that many of these users are also currently using the very same password to access other online accounts. This should serve as a reminder of the danger of using passwords across multiple accounts, since a username or password discovered here could also be used to gain access to a different account. This is a great opportunity for all Gmail users(not just those who think they have been effected) to update their password with a new and strong replacement.”
 
 
Peter Armstrong, director of the cyber security business at Thales UK
 
“Breaches like this serve to remind us of the not just the sheer scale on which these cybercrime groups now operate, and the lengths that they will go to obtain personal details. Security threats are evolving in countless different forms on a daily – if not hourly – basis. Large organisations, such as Google, need a robust approach to cyber attacks, one that anticipates risk and aims to prevent hacks, with a clear plan in place for when they do happen. This means regular checks for malware and vulnerabilities.
 
“Cyber security is also a personal issue. Whilst organisations do have a responsibility to do protect private customer data, mistakes will happen and consumers themselves can help limit the effect under the circumstances. Using strong passwords and enabling two-step log in verification can help mitigate the threat to personal data in these circumstances. It is also advisable to avoid using the same password for multiple application environments and change them regularly using upper case, lower case and special characters: this can be a pain but it really does make a difference.”

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Irish healthcare provider selects FireEye

Next Post

44CON – Prepare for automated incident response to deal with Big Data

Recent News

Phone with app store open

$400,000 Fine for Stalkerware App Developer

February 6, 2023
london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information