Gmail data breach

183 million Gmail accounts breached.

Maybe time to change your password?

2 Likes

I think I’ve forgotten mine. :frowning:

Oops.

Indeed, but what a faff.

1 Like

Bring on digital ID (not)

1 Like

If Google can’t protect our data, you have to wonder how well the lowest bidding contractor/a mate of the PM that HMG picks is going to manage, especially when it gets outsourced.

5 Likes

Johnson is out, is he not?

2 Likes

Google denies the allegations. Full investigative report in this link.

An interesting article, and a quick look at Have I Been Pwned shows that I’ve been caught on both the Bouygues and Free hacks over the last year, which explains the very precise phishing texts that I got the other week, suggesting that there was a large sum coming out of my bank account (addressed by name and with the right bank).

1 Like

Have I Been Pwned doesn’t seem to think my gmail address has been affected by the breach.

That’s something, I suppose.

1 Like

Why is there no effective fining mechanism to make companies who leak data pay a decent penalty in every country in which even 1 person’s data is leaked?

I’m sick of unnamed so-called external parties or obscure data centres in places like the Philippines being blamed. I really don’t care as it’s the company taking the data that’s responsible and I really don’t care about their problems outsourcing etc.

4 Likes

Sorry, I forgot that Starmer doesn’t have any friends.

1 Like

Mine not affected either. And it seems like 90% of the 183 million are from old breaches. And it’s not just Google affected but many email providers. So it’s an inaccurate sensationalist headline. Who’d have thought it :open_mouth:

2 Likes

Yes going back to May this year so a bit late. If I get any such alerts it’s usually from the Register.

Somewhat sensationalist headline there @Corona - the article reports that in reality, most of the hacked addresses result from an amalgam of previously released information. I know that my personal Gmail address was hacked years ago, but password change, implementation of 2FA and additional security measures by Google have mitigated further attempts (so far, I’d never say never with IT security). When I receive a “warning” that I’ve been pwned for that account, it almost inevitably turns out to be with old, invalid credentials. The fact that the dark web has my email address is no real surprise to me any more. The concern for me is more one of nefarious actors trying to usurp my identity and use that information to open accounts over which I might not have any inkling of their existence, although the ones who do attempt to use the address directly to register a new account somewhere tend to end up in my inbox flagged as “suspicious” (and well they should).

I am also not so naive to believe that it will never happen.

1 Like

Yes, it popped into a news feed, so I thought it was worth passing on, even if only so that people who know more on the subject could either inform or rubbish the headline. I am fine with that; better to know than not.

1 Like

My wife and I started getting lots of spam about a month ago. 3 different Gmail addresses. It’s too much of a faff to change every website that has these addresses registered so it’s just fingers crossed and change them as and when. They aren’t even convincing emails but it is a nuisance when you ARE actually awaiting a parcel delivery. Can’t delete them willy nilly, have to verify them, :face_with_symbols_on_mouth:

Just to add, I never put my real DOB, there is no reason why any site would need this apart from the genuine ones like banks.

I just pick a memorable date and stick to it, one little line of defence.

1 Like

I probably get about 1 or 2 per month that make it through Gmail’s spam filters, but it’s good to know that someone is trying it on - keeps me on my toes!

There has been a statement from Google stating that this is fake news: Google’s Statement: Google has stated that there has been no security breach of Gmail’s internal systems, and user data remains safe on their servers. They called the reports “false” and “inaccurate.” Check this out for yourself, like I did, and don’t panic. Have a great day.

1 Like

This is the big issue. Google has a big bug bounty programme to make sure they know about vulnerabilities before hackers. Perhaps they’ve put the focus on bugs in Gemini and taken their eyes off the ball elsewhere, but race-to-the-bottom government contractors certainly won’t be pricing in such programmes, and even if they did, the procurement teams are likely to have instructions to reduce cost.

Not limited to government contracts, the response is usually “well, we’ll do half the work for half the price, which half do you want to leave out? The primary feature set or the security element?”

2 Likes

The security threat landscape has shifted massively in recent years. Attackers no longer break in, they simply log in (using compromised credentials).

Infostealers have been all the rage for a few years now. Credentials are being harvested on a massive scale - either via phishing emails luring victims to fake O365 sites where they’re prompted for their credentials, or (less commonly but more effectively) via malware run on the machine itself such as Mystic Stealer - which are then subsequently sold on by Initial Access Brokers (IABs).

IABs provide details such as the industry of the organisation where the victim works, their revenue, etc… so that threat actors can bid accordingly.

Threat actors then do a ransomware campaign by leveraging the platforms of the ransomware authors. Much like companies such as Adobe and Salesforce offer SaaS (Software-as-a-Service) solutions, the authors of ransomware offer Malware-as-a-Service. They provide a platform but don’t do the dirty work themselves, and instead take a cut of the ransomware fee paid by victim organisations.

IAM (Identity & Access Management) used to be a relatively insignificant part of cybersecurity for many organisations, but has become much more relevant recently. Especially since users are working from home and are logging into cloud platforms on a multitude of devices.

1 Like