You may have already seen the headlines, read the news, and bought the t-shirt, but I thought I'd post a quick note about the recent leak of Gmail account details. Here's one such headline and article about the leak from the Daily Dot:
If it sounds dramatic, well... that's because it is, a bit. It's not actually as bad a leak as some news sources are making out, though. Many of the more technically-minded sources are in agreement that this is not a new leak, but a compilation of old ones.
Most of the email address and password combinations will be well out of date, but, statistically speaking, a large number of accounts must still be vulnerable. Isleaked.com should let you safely check for your email address amongst those leaked. The site was registered only two days ago, but for a different incident; support for this new leak was added yesterday. Only email addresses can be entered, not passwords, and you can replace three characters of your email address with stars for extra peace of mind. E.g. firstname.lastname@example.org.*
So what can you do?
Here's your to-do list:
- If you haven't changed your Gmail password in a while, you should change it now.
- If you don't use 2-step verification for Gmail (otherwise known as two-factor authentication), you should enable that now too. It puts another wall between your data and a would-be thief, and further reduces your risk when something like this happens.
- If you re-use the same passwords for a number of websites, you need to try to break this dangerous habit. All it takes is one weak link in the chain, and your favourite email address and password combination can get someone into all of your accounts that share those credentials. One of my previous posts about using a password manager can help you get started.
Edit: This paragraph originally advised not using isleaked.com, as its recent creation seemed more than coincidental, but further investigation into how it works has changed my mind.