Google resets 100,000 accounts after stolen passwords are posted online

USPA News - Internet giant Google said Wednesday it reset the passwords for about 100,000 of its users after millions of credentials were posted on a Russian website, apparently stolen through third-party services, although only a small number of combinations were said to be working. A text file containing a database of compromised accounts was uploaded to the Bitcoin Security Forum and included credentials for about five millions Google accounts, but other - mostly Russian websites - were also affected.

One security expert said the credentials were likely stolen through third-party services and not through any breach in Google security. "The security of our users is of paramount importance to us. We have no evidence that our systems have been compromised, but whenever we become aware that an account has been compromised, we take steps to help our users secure their accounts," Google spokeswoman Svetlana Anurova said by email. A blog post from Google`s Online Security Blog explained that less than 2 percent of the unencrypted username and password combinations - roughly 100,000 - "might have worked" to access the accounts. "We`ve protected the affected accounts and have required those users to reset their passwords," Borbala Benko, of Google`s Spam & Abuse Team, said. Benko did not explain why only 2 percent of the credentials were working, but it may indicate that the database in question was outdated. It is not known if any of the users had their accounts accessed by the cyber criminals. "It`s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems. Often, these credentials are obtained through a combination of other sources," Benko said. "For instance, if you reuse the same username and password across websites, and one of those websites gets hacked, your credentials could be used to log into the others."