An archive containing nearly 5 million Gmail addresses and plain text passwords was posted Tuesday on an online forum, but the data is old and likely sourced from multiple data breaches according to one security firm.
A user with the online alias “tvskit” posted the archive file on a Bitcoin security forum called btcsec.com and claimed that over 60 percent of credentials found inside are valid.
“We can’t confirm that it is indeed as much as 60 percent, but a great amount of the leaked data is legitimate,” said Peter Kruse, the chief technology officer of CSIS Security Group, a Danish security company that provides cybercrime intelligence to financial institutions and law enforcement.
CSIS researchers analyzed the data and concluded that it is up to 3 years old based on correlations with past leaks.
“We believe the data doesn’t originate from Google directly,” Kruse said via email. “Instead it’s likely it comes from various sources that have been compromised.”
This means that many of the leaked passwords do not correspond to Gmail or Google accounts, but to accounts on other sites where users have used their Gmail addresses as the user name.
Click here to read more.
SOURCE: PC World