Gmail Passwords Confirmed As Part Of 183 Million Account Data Leak (www.forbes.com)
from cm0002@lemmings.world to cybersecurity@infosec.pub on 27 Oct 22:09
https://lemmings.world/post/36076711

#cybersecurity


Donjuanme@lemmy.world on 27 Oct 23:34

Not concerned; if it were plaintext or decryptable, we’d be hearing about it much more loudly.

Use unique passwords, use 2 factor.

cubism_pitta@lemmy.world on 27 Oct 23:44

And use proper passwords. IDEALLY just use a password manager… not LastPass… but LastPass is better than nothing

Hayduke@lemmy.world on 28 Oct 00:18

Bitwarden is a good choice

ohlaph@lemmy.world on 28 Oct 01:49

I just reset mine once a week or so to a 20-character randomly generated blob.

jqubed@lemmy.world on 28 Oct 16:47

This is not a breach of 183 million Gmail account passwords. This is a collection of credentials, largely stolen by infostealer malware and circulating among cyber criminals, which was collected by a security researcher and passed on to Have I Been Pwned. Over 90% of the data has already been seen in previous releases.

Adding the details of website URLs, email addresses and passwords to the Have I Been Pwned database, owner Troy Hunt said the data consisted of both “stealer logs and credential stuffing lists” including confirmed Gmail login credentials.

The “confirmed Gmail login” bit comes from contacting one of the victims at random to verify the data, and he confirmed the password was his Gmail password. It doesn’t appear to be a Gmail breach, just that the results of credential stealing happened to include some people logging into Gmail.

Edit: Perhaps a more useful link is the original blog post from Have I Been Pwned’s Troy Hunt.

sefra1@lemmy.zip on 28 Oct 16:54

Ooooh, I thought for a moment…