The Scary Truth About Your Passwords: An Analysis of the Gmail Leak

Much of the information is old or out-of-date. Many of the accounts are suspended or have been matched to old passwords. The Gmail leak appears to have been collected via phishing and hacking over several years.

Early on Tuesday, Google announced that a potential 5 million usernames and passwords associated with Gmail accounts have been leaked. It is unclear how many of them are current vs. outdated credentials. According to Google’s blog post, “less than 2 percent of the username and password combinations might have worked.”

Google encourages people to chill out about the leak. “We’re always monitoring for these dumps so we can respond quickly to protect our users,” says Google’s security team in a blog post about the leak. “We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords.”

I think it’s safe enough to say that you can visit LastPass’s email look-up tool to see if your account was part of the leaked data. LastPass is a big company that doesn’t need to build e-mail lists in order to sell them. They have their own Password Manager, so I’m pretty sure they’re not joking about their security.

LastPass has published a detailed analysis of last week’s leak of 5 million Gmail logins that reveals some alarming statistics.

The infographic below takes a look at the reality of our bad password practices, highlighting the ongoing use of weak, dictionary-based passwords that are leaving us vulnerable:


Gmail Leak - Password Security Infographic