Five million Gmail passwords 'leaked'; TPG FTTB gets ACCC go-ahead


By Andrew Collins
Monday, 15 September, 2014



A collection of 4.93 million purported Gmail addresses and plain text passwords was posted online last week, but there are doubts about the collection’s legitimacy.

As reported by PC World, a user going by the handle “tvskit” posted the collection on Bitcoin security forum btcsec.com, claiming that more than 60% of the credentials contained within were valid.

PC World reported security expert Peter Kruse as saying, “We can’t confirm that it is indeed as much as 60%, but a great amount of the leaked data is legitimate.”

Researchers from Kruse’s company, CSIS Security Group, reportedly analysed the collection of credentials and concluded the data it contains is up to three years old.

Google reportedly told Russian media that much of the information contained in the collection is old and potentially out of date, seemingly backing up CSIS’s findings.

“We believe the data doesn’t originate from Google directly,” Kruse is quoted as saying. “Instead it’s likely it comes from various sources that have been compromised.”

In other words, the username/password pairs in the collection likely represent accounts on non-Google websites, where users have used their Gmail address as a username. The cybercrims in this case are merely hoping that these users have used the same password for their Gmail account.

The collection also contains thousands of user credentials for the Russian search engine Yandex, according to the Daily Dot.

Several websites exist that allow users to enter their email address to see if it is part of the collection of credentials. However, these websites may in fact be a way for spammers to collect new email addresses to add to their spam lists.

If in doubt, it may be safer simply to change your password, rather than submit your email address to one of these sites. The usual password advice seems appropriate: use strong passwords and don’t use the same password on multiple services.

Google published a blog post on credential dumps soon after the collection was posted. “This week, we identified several lists claiming to contain Google and other Internet providers’ credentials,” Google staff wrote.

“We found that less than 2% [about 98,000 of the 4.93 million] of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords.”

The blog continued: “It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems.”

TPG FTTB A-OK: ACCC

The Australian Competition and Consumer Commission (ACCC) announced last Thursday that it won’t stand in the way of TPG’s fibre-to-the-basement (FTTB) plans for Australian metro areas.

The ACCC was investigating a complaint that TPG’s plans to connect large apartment buildings in metro areas to its existing fibre networks, and offer fibre-to-the-basement (FTTB) services to residents of those buildings, would be a breach of the ‘NBN level playing field provisions’ in the Telecommunications Act.

The ACCC said last week that TPG’s planned rollout is permitted under the act and that it wouldn’t take any action to prevent the telco’s plans.

However, ACCC Chairman Rod Sims said the ACCC “will now conduct a declaration inquiry into whether a superfast broadband access service like the type to be provided by TPG over its fibre-to-the-basement networks should be the subject of access regulation”.

“Amongst other matters, the inquiry will consider whether regulation is necessary to ensure that consumers in TPG connected buildings can benefit from competitive retail markets for high-speed broadband services,” Sims said.

The AFR reported that Communications Minister Malcolm Turnbull will attempt to force the functional separation of TPG’s wholesale and retail divisions as part of a new licence arrangement.

“The licence condition would require owners of high-speed networks affected by the ACCC’s declaration process to functionally separate their wholesale operations and to provide access to competing service providers on the same terms as it is provided to their own retail operations,” Turnbull said in a statement.

“This licence condition would remain in place for two years - allowing the ACCC to undertake its declaration inquiry, the recommendations of the Vertigan panel to be properly considered and long-term regulatory arrangements for the sector to be settled.”

Image courtesy Marc Falardeau under CC.
