The New Stuff

Password-Hack2

Should You Trust a Site to Check If Your Gmail Password Was Leaked?


 
In the frenzy to figure out whether this leak was very bad news — it wasn’t as most passwords were old and not even Gmail ones — many people happily typed their email addresses into these sites. But, was that a good idea? Should we all trust a website (any website) with our email address just for the sake of checking if we have been hacked?In this case, a website called IsLeaked was the most popular site that offered this service, and the one that pretty much every news story (including Mashable‘s) was pointing to.

Hours after it surfaced, James Watt, an IT professional, questioned the site’s legitimacy by pointing out it had been created two days before the Gmail addresses leak. His main criticism missed the point. The site had been created after a similar leak earlier this week involving email addresses and passwords pertaining to Russian providers Yandex and Mail.Ru, according to IsLeaked’s owner, who declined to give his or her name to Mashable.

But Watt stood by the main point he was trying to make.

“I strongly discourage giving your information to any third party that claims to check your security for you,” he told Mashable.

The problem, he argued, is that you don’t know who you’re giving it to, and for all you know you might be sending your email to the same hackers who put out the list or someone else who is harvesting emails to sell them to spammers or get new, fresh email addresses to try to hack. Others on Reddit seemed to share his concern, and someone even created an open source “private” tool that checks the database of leaked emails without sending the address over to the site.

Gmail Tester

 

There is no indication IsLeaked was a nefarious site, and at first look, it seems to be legit. But Watt, according to security experts, does have a point.

 

“It’s sensible to be a little bit wary about who you share your email address with,”

“It’s sensible to be a little bit wary about who you share your email address with,” Graham Cluley, a noted security expert and blogger, told Mashable.

Imagine that this, or another site, is indeed run by bad guys. By harvesting their email addresses, the bad guys can amass a huge database of “folks that they know are concerned about whether their accounts might have been hacked,” Cluley said.

The risk in such a scenario is that the bad guys could send out spam or phishing attempts to those addresses, scaring users into believing their accounts had been hacked, Cluley explained, and tricking them into doing something unsafe — perhaps even something that tricks them into giving away their password.

What should concerned users do then?

In this case, Gmail actually said it forced the people whose password was indeed on the list (“less than 2%” of the 5 million), to reset their passwords. So there’s actually no need to check if your email is on that list anymore. If you haven’t heard from Google, you should be fine.

think twice before giving out your email address, and be on the lookout for any spam or phishing attempt.And if you’re concerned, just change the password and turn on two-factor authentication, said Chester Wisniewski, a senior security adviser for Sophos.

If you really want to use a site to check if you are among the victims, Cluley points tohaveibeenpwned.com, a site run by Troy Hunt, a security expert and software engineer. The site let’s users check if they’ve been victims not only of this leak, but also of several past ones like the infamous Adobe leak, which exposed more than 150 million accounts.

 

Recently Published

apple-pay-date-850x560
»

Apple Pay Launches Today: Here’s How To Use It

For years, companies have been talking about replacing credit cards ...

window
»

Project Spark, Microsoft’s Free Game Creation Game, Hits Windows 8 and Xbox One

Microsoft has removed the “beta” tag from Project Spark, ...

smartphone
»

5 Ways To Administer Your Smartphone’s Home Screen

Indeed, you can make your phone’s home screen your very own in ...

printer ink
»

Tips to Save Printer Ink

The most common printer-related complaints we get are from readers ...

crm
»

How to Utilize a CRM System to Your Marketing Department

Customer Relationship Mangement(CRM)  is an essential management ...

hidden
»

8 Things You Should Consider Hiding on Your Computer

It’s more important than ever to keep your digital life as ...

kim
»

What Kind Of Mother Is This?

Kim Kardashian forgets her baby in an hotel room! It looks like ...

face
»

Facebook Wins EU Approval For $19 billion WhatsApp Bid

Facebook , the world’s most popular social network, gained ...

Eddy Cue, Jimmy Iovine, Apple, Beats Music, Code Conference
»

Apple Asks the Music Labels for a Price Cut on Streaming Subscriptions

There are lots of music subscription services that let people listen ...