Was your gmail password hacked?

[The Napkin]

article here
via MeFi
 
Time to change your password again. A database containing nearly 5 million Gmail user accounts and passwords was leaked on Bitcoin Security, a popular Russian website devoted to the cryptocurrency.
....
You can verify whether your account was affected by clicking here and entering your gmail address. It's that simple. You can also enable Google's 2-step verification by following the company's easy steps.
 
 
Or is this just a way to get people to click over to https://isleaked.com/en.php (whatever that is) for some reason?

 

[The Napkin]

Okay, someone says:
 
Mashable has more, including the very important detail that these aren't actually Gmail passwords, they're passwords from a site where users used their Gmail address as their login.

 

[HillysLastWalk]

People were questioning that site you linked to, there is this as well: http://securityalert.knowem.com

 

[MakMan44]

So change everything AGAIN?

 

[H78]

Heh.
 
You just made me change my password twice.

 

[rembrat]

Fantastic. So now Google has my phone number linked to my account. It's only a matter of time before people exploit the security vulnerabilities of your phone, whatever they may be. I'm still not entirely sure how radiowaves work.

 

[finnVT]

Google seems pretty good about checking where you're logging in from, though.  When I log in from a new computer, in a new place, etc, I usually have to confirm via all sorts of stuff, or else get a notification of a suspicious login attempt.  Maybe they know ways around these, but it's nice there's at least another line of defense.

 

[McDrew]

2 factor authentication is key.  If you have a smartphone, you can sync your phone to your google account, and require a second phone-generated key to log in.  I have an entire group in my phone of authenticators for Gmail, Blizzard, Github, etc.  I also don't use the same password twice, which also helps. 

 

[HillysLastWalk]

Fantastic. So now Google has my phone number linked to my account. It's only a matter of time before people exploit the security vulnerabilities of your phone, whatever they may be. I'm still not entirely sure how radiowaves work.

 
I'm probably in the minority, but as an Android user, I do *NOT* want my personal gmail address tied to my phone.
 
So if I lose my phone, someone could potentially go to my gmail Inbox (on my phone) and see the emails that are cached there?  Why do I want my email on my phone?  It's a phone.  With a browser.  I'm not on support for anything, so I don't need instantaneous notice of anything sent to my email (and I'd guess I could set up email to text me if I needed instantaneous notice for certain one's).  If someone really wants to get a hold of me, and it's that important, they can call or text.  Why would they send an email if it was *that* important?  And if I really wanted to check my email, I could login using the browser on my phone.  So I still have access to all the email I want, from my phone, without having it continually sync'ing, and storing, and connecting to my gmail.
 
So when I got my latest phone back in November I created a brand new gmail address.  A throw-away.  And my Android is tied to that account.  An account I've never used.

 

[mt8thsw9th]

How could someone access your mail if your phone is secured with a password?

 

[HillysLastWalk]

Actually, I don't.
 
As I mentioned, I'm not the typical Android user.  I use it as a phone, for text messaging, the occasional internet browsing, and google Maps.  I have one app downloaded: Zynga Poker (great when standing in line, or waiting somewhere).  That I log-out of when I'm done.  I have computers and tablets at home and at work where I can do more, and download more apps.
 
If you get my phone, you will get to see some old texts and my contacts.  Congrats.  Have fun.
 
Even when locked, and I haven't thought it through, is it 100% guaranteed that someone with real skills can't get in?  Even if so, why do I still want my phone linked to my real email address?  And continually sync'ing, storing, and connecting?  I don't.  That's really what it boils down to.

 

[ivanvamp]

So long story short:  should I change my passwords and/or go with a 2-step verification?  Will the 2-step verification be a pain when it comes to my iPad or iPhone?

 

[MakMan44]

So long story short:  should I change my passwords and/or go with a 2-step verification?  Will the 2-step verification be a pain when it comes to my iPad or iPhone?

The one I used just texted you a code that you had to plug in when you were signing in. Shouldn't be a problem with the iPad/Phone.
 
Can't answer your first half, I'm wondering that myself (although I checked Hillys's link and my email wasn't on there)

 

[brs3]

My long-dead, wicked old Blizzard account was hacked. Fortunately I change my passwords every 6 months or so. 
 
 
edit: My email was on the list. Woops!

 

[ivanvamp]

The one I used just texted you a code that you had to plug in when you were signing in. Shouldn't be a problem with the iPad/Phone.
 
Can't answer your first half, I'm wondering that myself (although I checked Hillys's link and my email wasn't on there)

 
Ok, none of my family's emails are on the list so that's good.

 

[Couperin47]

It's simple really, just keep changing all your passwords to something totally random and distinct on each account at least once a week, until even you can't figure out how to log in anywhere anymore. Perfect security has been achieved.

 

[theapportioner]

Just got an email from Etsy. Apparently my email address is on the list too.

 

[Silverdude2167]

It's simple really, just keep changing all your passwords to something totally random and distinct on each account at least once a week, until even you can't figure out how to log in anywhere anymore. Perfect security has been achieved.

Don't forget to throw your computer into the ocean after each session.