5 Million Gmail Usernames, Passwords Stolen [UPDATED]

posted Sep 10, 2014, 2:36 PM by Shawn Kohrman   [ updated Sep 22, 2014, 3:56 PM ]
A variety of news outlets and media sources are reporting that 5 million usernames and passwords have been stolen from Google.

A number of key points must be acknowledged while considering what this means for you as an individual and as a member of the APU community.

Don't Panic
  • Most of the data appears to be over a year old.  So, if you've changed your Gmail password in the last year this may not affect you.
  • Google has announced to the public that none of its servers or services show any evidence of a breach.  These usernames/passwords appear to have been gathered primarily from personal computers infected with malware.
  • A  tool is available to check if your address is on the list.

How Do I Check?

A tool has been put online that will check your email address against the published list.  If your email address comes up the in list, please change your password immediately.

The tool is available at https://lastpass.com/gmail/

Help! I'm on the List

If your email address comes back as being on the list, there are a few simple steps you can take to protect yourself.
  1. Change your Gmail password immediately.  Tips for building a strong passphrase are available at http://security.apu.edu/home/what-you-need-to-know/password-tips .
  2. If checking your personal account, follow Google's instructions for enabling two-factor authentication.  Instructions for setting this up are available https://support.google.com/accounts/answer/180744?hl=en
  3. Make sure you are not reusing passwords.  Using unique passwords for each account helps prevent cyber criminals from accessing all aspects of your online world. 
  4. Use a password manager.  This will help you sanely utilize unique passwords for all your accounts.  More information is available at http://security.apu.edu/home/what-you-need-to-know/password-tips