
Google: only 2% of the accounts listed by the attackers actually work

This week it became known that unidentified persons had published user account data for major Internet services such as Yandex, Mail.ru and Google. The news was immediately picked up by the media, and comments from the companies themselves followed quickly. The information first appeared on several forums: a member of one of them published the allegedly “leaked” account data of these companies in several posts and immediately began to claim that almost all of the accounts worked and that he had “found his data there”.

If you’ve found that you’ve been logged in Reset their passwords.

Google .

A distinctive feature of this large-scale “leak” is that the logins and passwords were published in plaintext, which immediately rules out a compromise of these companies' servers by the attackers (there, passwords are stored as hashes and may additionally be encrypted). Another sign that a compromise of these Internet services can be ruled out is that it is hard to imagine someone penetrating the infrastructure of all of the above companies at the same time. Even if that had happened, the passwords would have been obtained as hashes and could have been used covertly in Pass-the-Hash attacks, which most modern companies successfully block.
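As an added illustration of the argument above (not code from the original article): a small Python heuristic that checks whether the secrets in a published `login:secret` dump look like plaintext or like stored hash formats. The `login:secret` line format, the function names and the sample lines are assumptions constructed for this example.

```python
import re
from collections import Counter

# Shapes a server-side stored password value typically takes (heuristic only:
# a plaintext password that happens to be 32 hex characters is misclassified).
HASH_PATTERNS = [
    ("bcrypt", re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")),
    ("crypt-style", re.compile(r"^\$(1|5|6|argon2(id|i|d)?)\$.+")),
    ("hex digest", re.compile(
        r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}|[0-9a-fA-F]{128})$")),
]

def classify_secret(secret):
    """Return the name of the first matching hash shape, else 'plaintext'."""
    for name, pattern in HASH_PATTERNS:
        if pattern.match(secret):
            return name
    return "plaintext"

def triage_dump(lines):
    """Count secret shapes in 'login:secret' lines; unparsable lines are 'malformed'."""
    counts = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        # Split on the first colon only, so passwords containing ':' survive.
        login, sep, secret = line.partition(":")
        if not sep or "@" not in login or not secret:
            counts["malformed"] += 1
            continue
        counts[classify_secret(secret)] += 1
    return counts

def plaintext_share(counts):
    """Fraction of parsed entries whose secret looks like plaintext."""
    parsed = sum(n for kind, n in counts.items() if kind != "malformed")
    return counts["plaintext"] / parsed if parsed else 0.0

# Constructed sample lines, not taken from any real dump.
SAMPLE = [
    "alice@example.com:summer2014",
    "bob@example.org:qwerty123",
    "carol@example.net:5f4dcc3b5aa765d61d8327deb882cf99",
    "dave@example.com:$2b$12$" + "a" * 53,
    "not a credential line",
    "erin@example.org:pass:with:colons",
]

if __name__ == "__main__":
    result = triage_dump(SAMPLE)
    print(dict(result), f"plaintext share: {plaintext_share(result):.0%}")
```

A dump whose secrets are overwhelmingly plaintext fits the article's reading that the data was collected on the client side rather than taken from a password database.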
After this information spread through the media and reached users, a resource named isleaked.com appeared, offering to “check” your account for compromise and to donate money to its author as a thank-you. We do not recommend using this service to check your account for compromise, since the authenticity of this resource cannot be established, nor can that of the original data. Moreover, how many accounts in this database actually work also remains a big question.

Conclusions: the attackers either used malware that steals the information a user enters into web pages in a browser compromised by malicious code, or used phishing messages to obtain it. The cybercriminals themselves are from Russia, since Yandex and Mail.ru are the most popular services in our country; in addition, the initial information about the “leak” appeared on Russian forums.

Recommendations to users:


Be secure.

Source: https://habr.com/ru/post/236587/

