Were Your Google Credentials Leaked?

By September 12, 2014 Security News 31 Comments

Early on Tuesday, Google announced that a potential 5 million usernames and passwords associated with Gmail accounts have been leaked. It is unclear how many of them are current vs. outdated credentials. According to Google’s blog post“less than 2 percent of the username and password combinations might have worked.”

Visit our email look-up tool to see if your account was part of the leaked data.

We strongly suggest that you take this opportunity to change your Gmail account password and generate a new, strong password using LastPass. To protect our users, those who have reused their LastPass master password as their Gmail account password have been temporarily deactivated. For your security, note that it is very important to never use your LastPass master password for other logins.

If you’ve experienced trouble with your account, please contact LastPass Support so we may assist you in reactivating your account and creating a new, stronger master password.

Be Secure,
LastPass

31 Comments

  • Brian Dukes says:

    My account was in the leak, according to your tool. Is there a way that I can get access to that password, so that I can see whether it’s my current password or a past password (my current was generated by LastPass, but if it’s an old password it may have been reused)?

    • Anonymous says:

      I’d like to know this too as I recently changed my Gmail password so want to know how current the list is

    • Gryzor says:

      You can find two dumps out there; the list of usernames only, and another list with usernames and passwords. The first one is easy to find, the second one I got from the PirateBay.

    • Amber Gott says:

      We would recommend running the LastPass security challenge in the LastPass Icon > Tools > Security Challenge, then reviewing if you have any weak or duplicate passwords remaining in your vault. If you do, prioritize updating those, and any other logins that have been flagged as “potentially hacked”.

  • My mail ID is in the list. One another website showed me the first 2 characters of the password, and it is one of the common password I used 2-3 years back for websites where security was not a concern. I have never used that password for gmail. So the list is probably never captured from a gmail leak itself. They captured this password from some other source and since many people have common passwords, they claim to be gmail passwords. Thanks to LastPass I do not have any common passwords anymore.

  • Anonymous says:

    What about GApps users using their own domain name? The checker is only allowing checks for @gmail.com addresses.

  • Anonymous says:

    So… googlemail.com a/cs (UK only, licencing issue) not affected? Just gmail.com?

    • Anonymous says:

      Nope – I have a UK account but mine was on the list apparently. Luckily though I only changed my password last week and have 2 step authentication enabled. Also, you can use googlemail.com or gmail.com interchangably – they resolved the licencing issue a couple of years back

  • AndrzejL says:

    “Your Gmail account email address was NOT one of the ones that was in the 5 million publicly released. We strongly urge you to be cautious, and update your Gmail password.”

    I am so undesirable even my gmail wasn’t stolen ;(… ;D

    Cheers.

    Andrzej

  • Anonymous says:

    Thanks for looking out for your users. Been using your service for a long time and am very happy with it.

    I was so relieved to see that my Gmail account was NOT compromised.

    Thanks again!