Yesterday there was a flurry of reports about five million hacked GMail accounts that were posted online. A large number of people were understandably alarmed. This is the type of breach that can expose a victim to identity theft.
The GMail credentials first appeared on btcsec.com, a bitcoin security forum. They were posted by someone named TVSkit. He was described as Russian, probably due to his penchant for funny characters since the forum is a Russian language site.
Soon after the initial wave of reports, Google weighed in on its security blog. The company harvested the posted login credentials and checked them against their internal records. According to the company, less than 2% were valid and even fewer could be used to access an account.
In the wake of this report, there was another round of breaking news. Google probably wasn’t hacked but you should probably change your password anyway, the media said as it turned its attention to the next shiny object. No. What you should do is setup two-step verification.
In all likelihood, this stir was caused by an adolescent copy-and-paste hacker who grabbed someone else’s credential sheet and used it to bolster a claim about a non-existent GMail breach.