Go Back   Team-BHP > Around the Corner > Shifting gears


Reply
 
Thread Tools Search this Thread
Old 11th September 2014, 10:09   #1
BHPian
 
Join Date: Feb 2009
Location: Bangalore
Posts: 34
Thanked: 11 Times
Default Gmail Password Leak or probable credential compromise on other websites?

Hey Folks,

You might have read about yesterday's huge dump of Gmail credentials in one of the Russian Forums which mainstream media has picked. One of the links here from TheNextWeb

Now, unfortunately my ID was in the list too and what prompted me to write to thread is the only place where I had used that password was here for the forums. I may have ticked the alarm bell ringing but if you have used gmail for this forum, kindly check if its indeed the password you use here. A site has been put (I have no affiliation with them nor do I generally recommend, but its only the email address that you need to enter) isleaked.com isleaked dotcom and the site would show the first two characters of the password.

I have gone through my credential list and can confirm the first two characters indeed match here and as a security best practice I do not re-use passwords and recommend the same to my customers.

Admins, request you to take actions as needed. Just to give some heads up, I am a Information Security Consultant

Prasanna

Last edited by Rehaan : 11th September 2014 at 15:16. Reason: Twitter link removed, as we try to steer clear of members linking to their own websites, profiles, etc. Thanks!
pranxter is offline   Reply With Quote
Old 11th September 2014, 10:13   #2
BHPian
 
prateekm's Avatar
 
Join Date: Nov 2009
Location: Mumbai & BLR
Posts: 756
Thanked: 307 Times
Default re: Gmail Password Leak or probable credential compromise on other websites?

This seems to be a huge collection of phished passwords, don't think that the Google database was compromised. A couple of my friends found their emails in the database, but the passwords were 2-3 years old.
prateekm is online now   Reply With Quote
Old 11th September 2014, 10:17   #3
BHPian
 
Join Date: Feb 2009
Location: Bangalore
Posts: 34
Thanked: 11 Times
Default re: Gmail Password Leak or probable credential compromise on other websites?

Quote:
Originally Posted by prateekm View Post
This seems to be a huge collection of phished passwords, don't think that the Google database was compromised. A couple of my friends found their emails in the database, but the passwords were 2-3 years old.
Right. For mine, it wasn't the gmail password, but it was what I "had/have" used for logging into the forum here. Not necessarily it has to be the gmail password. Hence asking people to check if its indeed what they have used for logging into this forum
pranxter is offline   Reply With Quote
Old 11th September 2014, 10:19   #4
Senior - BHPian
 
alpha1's Avatar
 
Join Date: Apr 2007
Location: P00NA
Posts: 1,614
Thanked: 949 Times
Default re: Gmail Password Leak or probable credential compromise on other websites?

Quote:
Yes! Account s*******@gmail.com is found! First two symbols of password is: pa. Immediately change your password!
MEH! Not even close. There is no "pa" in my gmail password.

Last edited by alpha1 : 11th September 2014 at 10:21.
alpha1 is offline   Reply With Quote
Old 11th September 2014, 10:36   #5
Senior - BHPian
 
Soumyajit9's Avatar
 
Join Date: Oct 2012
Location: 10010
Posts: 1,508
Thanked: 1,650 Times
Default re: Gmail Password Leak or probable credential compromise on other websites?

Lucky me and wifey. Our email ids' did not feature in the search results.

Just FYI, the link points to Russian language website, and Google Chrome translator screws it up.
So try this link: https://isleaked.com/en

And just like in English movies, the apocalypse has major affect in Western Countries rather than India.

On a serious note, nevertheless, please do check if you are affected or not.

Last edited by Soumyajit9 : 11th September 2014 at 10:39.
Soumyajit9 is offline   Reply With Quote
Old 11th September 2014, 10:49   #6
BHPian
 
Join Date: Mar 2005
Location: goa
Posts: 979
Thanked: 43 Times
Default re: Gmail Password Leak or probable credential compromise on other websites?

Quote:
Originally Posted by pranxter View Post
....You might have read about yesterday's huge dump of Gmail credentials in one of the Russian Forums which mainstream media has picked. ...... A site has been put (I have no affiliation with them nor do I generally recommend, but its only the email address that you need to enter) isleaked.com isleaked dotcom and the site would show the first two characters of the password.
@terminalfix
I cannot see any first two characters of any password being shown. All it says is that my email address is included
filcord is offline   Reply With Quote
Old 11th September 2014, 11:09   #7
Distinguished - BHPian
 
jkdas's Avatar
 
Join Date: Sep 2005
Location: Thiruvananthapu
Posts: 9,635
Thanked: 1,343 Times
Default re: Gmail Password Leak or probable credential compromise on other websites?

Guys, its not a new hack just collection of old hacks etc they had collected over years. You are safe if you change password regularly.

Please see that you always have a complex password (8-9 character long) with numbers/symbols/alphabets and never reuse account info on another forum/website.
jkdas is offline   Reply With Quote
Old 11th September 2014, 11:14   #8
Senior - BHPian
 
Join Date: Dec 2006
Location: NH209
Posts: 1,607
Thanked: 700 Times
Default re: Gmail Password Leak or probable credential compromise on other websites?

Quote:
Yes! Account ramzsys@gmail.com is found! First two symbols of password is: fu. Immediately change your password!
That was the starting letter of my team-bhp(and many other forums long back). Never used that for google. So looks like google account data was not compromised.
ramzsys is offline   Reply With Quote
Old 11th September 2014, 11:47   #9
Senior - BHPian
 
dass's Avatar
 
Join Date: May 2008
Location: Bangalore
Posts: 1,039
Thanked: 428 Times
Default re: Gmail Password Leak or probable credential compromise on other websites?

What is the credibility of this information? Has google confirmed that there has been a leak? my email address isn't there, but never the less, good idea to change the password.
dass is offline   Reply With Quote
Old 11th September 2014, 12:20   #10
BHPian
 
sushanthr77's Avatar
 
Join Date: Jan 2007
Location: Mangalore / DXB
Posts: 280
Thanked: 4 Times
Default re: Gmail Password Leak or probable credential compromise on other websites?

I really don't think that the website is legit. Please don't enter your email ids here.
sushanthr77 is offline   Reply With Quote
Old 11th September 2014, 12:35   #11
Senior - BHPian
 
Join Date: Oct 2008
Location: Pune
Posts: 1,038
Thanked: 1,390 Times
Default re: Gmail Password Leak or probable credential compromise on other websites?

If you want to check on that website, enter 3 stars, that is don't enter team-bhp@gmail.com, but enter team-***@gmail.com.
ani_meher is online now   Reply With Quote
Old 11th September 2014, 12:36   #12
BHPian
 
DudeWithaFiat's Avatar
 
Join Date: Jan 2012
Location: Kochi/TVM
Posts: 322
Thanked: 364 Times
Default re: Gmail Password Leak or probable credential compromise on other websites?

Quote:
Originally Posted by sushanthr77 View Post
I really don't think that the website is legit. Please don't enter your email ids here.
The NextWEB is a reputable technology website. I don't think they will provide a link to a malicious/scam website in their article.
DudeWithaFiat is offline   Reply With Quote
Old 11th September 2014, 12:40   #13
BHPian
 
Hrishi_111's Avatar
 
Join Date: Aug 2014
Location: Pune
Posts: 46
Thanked: 63 Times
Exclamation re: Gmail Password Leak or probable credential compromise on other websites?

That appears to be an old database (collection of compromised passwords over several years).

Anyone, who change his/her password frequently need not to be worried at all.
If you haven't changed the password for years, do it now without even looking for your ID in the list.

IMO, providing your Gmail IDs to these websites is not a good idea as well (risk of revealing your identity to unknown source), so refrain from doing it.
Hrishi_111 is offline   Reply With Quote
Old 11th September 2014, 12:41   #14
BHPian
 
OHCVtec's Avatar
 
Join Date: Nov 2009
Location: Pune
Posts: 69
Thanked: 12 Times
Default re: Gmail Password Leak or probable credential compromise on other websites?

The password that they indicated is the one I had years back.It's scary how vulnerable our digital life's are.
OHCVtec is offline   Reply With Quote
Old 11th September 2014, 12:52   #15
BHPian
 
Join Date: Feb 2009
Location: Bangalore
Posts: 34
Thanked: 11 Times
Default re: Gmail Password Leak or probable credential compromise on other websites?

This is not to scare anybody or create FUD, but I am just trying to figure out few things..
What I am worried about and indicated in my first post is not about gmail password being leaked. Those might be for third party services where gmail is used for logging in or for account signup.

The password it listed actually matches with the password I had set for Team BHP. So I have reasons to doubt if the credentials of the users in the forum might have been indeed leaked (may be in the past or it was harvested over a period of time).

Apparently, I got hold of the email dumps and it has only the first 2 character of the password. While going through this file I noticed couple of email IDs with 'teambhp' suffixed to them and one of them was admin+above keyword.

Now, If it's indeed the admin and the password was not changed I would be worried!

I used 'grep' incase you are wondering if I went through 5 million text lines
pranxter is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads
Thread Thread Starter Forum Replies Last Post
Gmail users: Did anyone try any Gmail spam recipies? sandeepmdas Shifting gears 2 19th October 2009 19:40
Find your Stolen Vehicle @ http://www.stolen.in Edit: And other similar websites dadu The Indian Car Scene 9 16th October 2009 02:48
Probable Cars to be launched in 2009 kpbhatt The Indian Car Scene 1 6th March 2009 15:34


All times are GMT +5.5. The time now is 15:02.

Copyright 2000 - 2017, Team-BHP.com
Proudly powered by E2E Networks