Webmail Password Leak More Widespread Than First Thought—Involves Gmail, AOL, and Yahoo Too
I did recommend that Hotmail users switch to Gmail ASAP, while reporting on 10,000 Hotmail passwords being made available online, but that’s because Gmail’s functionality is a lot better. That doesn’t change the fact that 20,000 more passwords were also made public. It’s not only Hotmail that’s been affected: Gmail, Yahoo Mail, AOL web mail users were hurt too.
Seems there’s an “industry-wide” attempt to phish passwords from unsuspecting web mail users. As you many know, online email account access is gold for phishers, because they (to paraphrase what I wrote yesterday) the foundation for the online existence of a lot of people. Gain access to a web mail account, and you pretty much gain access to the owner’s social networking accounts, and even more important (and potentially lucrative) services like their PayPal. Impersonating other people is also much easier if you have full control over their web mail.
Google at least hasn’t been sitting on its hands. According to the BBC:
“As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.”
The firm stressed that the scam was “not a breach of Gmail security” but rather “a scam to get users to give away their personal information to hackers”.
And that’s exactly the point: while I like Gmail more than Hotmail, I don’t think it’s more secure than any other web mail service out there (again, Gmail just provides better functionality). Hopefully incidents like this remind users that they should practice better security, such as using different passwords for their different online accounts, and regularly changing these passwords. I plan to write a quick how to on creating very secure passwords without forgetting about them. Watch out for it soon!