News over the past few days that hackers have posted almost 5 million email addresses and passwords on an online forum has caught the media’s attention, in large part because about 4.7 million of the addresses appear to be Gmail accounts.
This is NOT, however, a breach of Gmail or Google Apps.
The information appears to be from other sites and sources for which users provide their email address as their login. In fact, several people who have found their address on the list report that the information is not their login information for Gmail or Google Apps. As reported by Mashable, your risk is low.
Given it is not a Google Apps or Gmail breach, are you at risk?
Maybe! Google has already analyzed the list and found some users who may be using their Google account password for other sites. Google has notified these users and is forcing them to change their passwords. For the bigger picture:
If you use the same username/email address and password for all of your services, and one service is breached, then you are at risk of hackers gaining access to some or all of your services.
If a service is breached and you have granted the service access to your Google Apps environment, your data may be at risk.
Step One: It is not easy, but avoid using the same password for multiple services, sites, or accounts. And don’t write passwords down to remember them.
Step Two: Be careful when and how you allow services to connect with one another. For example, LinkedIn needs your gmail.com password if you are going to import contacts. While this may be safe to do, other services may not be as trustworthy.
Step Three: Read and understand security permissions when you install apps on your mobile devices. Many apps recognize and request access to other apps and services already on your phone. Human nature is to say “grant” or “allow” without reading or fully understanding the implications, risks, or the trustworthiness of the app’s creators.
Note for Businesses, Governments, and Schools running Google Apps: Users installing third-party apps, particularly on cell phones, may be granting access to data stored in Google Apps. To see whether you are at risk, we offer a Google Apps Security Health Check that will document access rights and evaluate your level of risk, if any.