The media were abuzz recently with news that Gmail password millions of words leaked online ?. The story is enough to send the 425 million Gmail users active in free fall, but it is important to stay calm and look at the facts. password could be one of those compromises? And even if you are not a victim this time, how can you protect your email account in the future?
what happened?
On September 10, the passwords of about five million Gmail accounts were published on a Russian Bitcoin security forum.
Google, owner of the e-mail service based on the Web, insists its servers are not met. Instead, the company believes that the published passwords were collected in previous cyber attacks. It was also suggested that the details can be gleaned from other websites that use Gmail addresses for members connections.
In a blog post published after the news broke, Google said it "has identified several lists claiming to contain and Google credentials other Internet providers." He added that less than two percent of combinations of user name and password may have worked. This makes it sound like a small problem, but given the huge number of active accounts Gmail, this amounts to nearly 100,000 people at risk. Automated anti-piracy systems Google had to block many connection attempts, but that does not mean the violation still can not do damage.
How are people find out if they have been compromised?
at the time of writing, the original thread on the Russian forum was still active with a downloadable link to the complete database. One way to work if your account is compromised is to simply upload the database and check. Some people who have done this have found their Gmail addresses listed with the old passwords, suggesting their account is currently safe.
However, others have found their email accounts with existing passwords not only for Gmail, but for other online accounts. But remember, it is advisable never to download files from Internet sources that you're not familiar with. If you still want to see, make sure that your antivirus and spyware software is current.
Many Gmail users concerned have also rushed to online sites like IsLeaked.com to check whether they were affected. Users simply type their email address into the site to learn whether on the database, and display the first two letters of its associated password.
Concerned citizens asked why the site was launched on 8 September, two days before the list hit the Bitcoin forum. Its anonymous creator Forbes said he made the site after a leak of the Russian postal service Yandex September 7, then simply added Gmail details when this story broke. This seems plausible, but there are concerns that the site can simply use honeypot to collect email addresses.
Two other (presumably more secure) sites to verify your account and are securityalert.knowem.com haveibeenpwned.com. The latter of these two sites is managed by Troy Hunt, who has been named as a Microsoft Most Valuable Professional for Web security.
Is there a safer way?
Fortunately, there is another, perhaps safer ways to determine if your Gmail account is at risk. In efforts to protect its users, Google locks to users with accounts suspected of being compromised in flight. You will know if you are one of them if you are prompted to change your password before logging into your account.
However, even if you are not prompted to change your password, which n 't necessarily mean that you are completely in the clear. The Google Page security shows recent activity on your Gmail account, including diary dates, locations and browsers. If you spot something that does not match your activity, your account was also compromised. You should also change your password to protect the integrity of your account.
Protect your account against future attacks
If your account has been compromised in the latest leak or not, it is smart to have a strong password and change it regularly to prevent future attacks. It should consist of at least 10 characters, which are a mixture of uppercase and lowercase letters, numbers and other symbols. It should also be unique to your email account. Otherwise, if someone does get the password they can infiltrate a variety of online accounts.
Configuring two-factor authentication on your account provides an additional layer of security. If someone tries to sign a new device or location, an automated code is sent to your mobile device to allow connection. So if hackers get ahold of your password, they can not infiltrate your account from their device. It is a very effective way to prevent these attacks, but it will not protect you against hackers who have compromised your device using Trojans or holes in unpatched software. Unfortunately, end attacks such as these represent the majority of computer crimes. But for what it does not protect against the two-factor authentication works fine.
Once you access your email, you can not afford to be complacent. Approximately 156 million phishing emails are sent every day. They seek to collect personal information or infect systems with malicious code. spam filters catch 0 percent of phishing e-mails, which leaves about 16 million sitting in inboxes.
Of these, about 10 percent get people to click. That equates to about 800,000 people every day who expose their accounts to hackers. Read on how to spot phishing emails so you do not fall for them.
Do not forget your mobile devices
Many people mistakenly believe that hackers target only desktops and laptops, but in this world of increasingly mobile, smartphones and the tablets are also attacked. Last year, McAfee has collected 2.47 million samples of new mobile malware last year. A huge 744,000 of them were detected in the final quarter of 2013. This represents a massive increase of 197 percent on 2012 figures. It is clear that hackers have mobile devices firmly in their sights.
public networks and WiFi hotspots expose mobile users to security threats, but a good virtual private network, or VPN, can help you open a secure session. VPN creates an encrypted tunnel from end to end, making your sensitive data unreadable computer snoops.
As hackers are always finding more sophisticated ways to infiltrate systems, you should look for a VPN that is updated regularly. For example, Hotspot Shield, we recently updated our application to support the new iOS 8 Apple's operating system. With our application you will be protected by HTTPS encryption for banking during access to an unsecured network, and your IP will be hidden at any time during Web browsing.
Stories like the latest Gmail Notifier tend to cause panic, but they can also serve as important reminders to improve online habits.
Image via Flickr by Cairo
0 Komentar