How to check if your gmail account has been hacked

by the indusface research team

According to some reports, gmail has been hacked and 5 million usernames and passwords were stolen from compromised accounts. What does this mean for you? changing passwords again? yes, but the most important thing is to change the way you and your customers operate your accounts, the ways you hinder your security, knowingly or unknowingly, and the ways you can stop doing it. Google has denied the hack claim and has said that if such an event occurs, it will inform affected users. “The security of our users’ information is a top priority for us,” a Google spokesperson said. “We have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users protect their accounts.”

Google also stated that the impact of this hack was greatly exaggerated and that less than 2% of username and password combinations could have worked. google stated in an official blog post: “we found that less than 2% of username and password combinations could have worked, and our automated anti-hijacking systems would have blocked many of those login attempts.”

how to check if your gmail account was hacked?

After this attack, a group of programmers came up with a website, isleaked.com. you can type your email id here, and it will tell you if your email is one of the 5 million affected. if you get hacked, the website will show you the first two letters of your password. The developers initially created this website to help people check for yandex and mail.ru attacks.

To reassure people of their honest intentions, the developers have provided an option not to enter your full email id, but to substitute up to 3 characters with an asterisk. we have tested it and it works.

but if google denies the hack, why these stories?

There have been more than a few hacking incidents in the past, with Google’s name dragged on. This time, Google has issued a statement. they have insisted that since no internal systems were breached or illegally accessed, they concluded that the accounts whose login details were stolen were due to an individual obtaining usernames and passwords from a malware-infected computer.

This claim is supported by the fact that the leaked information appears to have been drawn from much older lists. a large number of leaked passwords are three years old. because of this, the breach is attributed to a combination of violations that occurred in the past.

But even though the leaked information is outdated, most security experts have strongly suggested that users update their passwords regularly, especially after news of a leak breaks.

So, whether your gmail account was leaked or not, it is highly recommended that you change your password and now you should take advantage of the two-step authentication process provided by gmail. this means that google will send you a special code as an additional security measure when you sign in. It may sound like a headache, especially when we want everything to be automatic and simple, but it will protect you from repeated attacks and breaches.

why are so many accounts hacked? what should be changed?

More and more social networking websites are emerging. people have tens and hundreds of accounts and each account must have a username, username and password. some of them even have security questions.

so what do we do? it is not possible to remember all these details for anyone. people are also not very familiar with the concept of password managers. therefore, users end up using the same user ID and passwords for multiple accounts. the weaker the implementation of the security control of an account in question, the more lax the passwords are established. Essentially, this means that if an account allows a user to use the email id as a login id and password, they use it, without thinking about their security. the idea of ​​”why will someone hack my account?” it’s so deep that we really don’t want to bother following some basic security measures.

Also, we don’t want to check the history of recent activity on our accounts. gmail, facebook, etc they provide this service. you can check from which browser, which city, your account was last logged in… find suspicious activity, report and change your password. it’s as simple as that.

so we bring you some simple steps that one should follow when creating and using an account, to avoid falling victim to these frequent attacks.

how do you keep your account and passwords safe?

1. first things first. There are several sites, which encourages you to create an account with them. social networking sites, e-commerce sites and many more. And the account creation process is getting simpler: enter your name, email id, and a password (a simple one, no major permutations or combinations required), and voila, your account is created. and then what happens? you soon forget about them. because seriously you don’t need so many accounts and you don’t have time to use them all? but how does this affect your security? you can ask. it does, because it will share your email id, reuse the same username and password in a more important account. If this first account is hacked, the simple task for the hacker to do is to google your name, view all the accounts in your name and soon you will be lucky. Bottom line: Create accounts only for the websites you need, and no matter how lax the security measures they maintain, you should use a strong password.
2. If a website looks suspicious and offers you a deal too lucrative, to make an account, avoid it. if it sounds too good to be true, it probably is.
3. start using a password manager. no, not all are paid. yes, some of the best ones are free, so you don’t have to worry about keeping all your login details in a shoddy password manager. read user reviews, pick one and then use it.
4. we read it everywhere, we tell others about it, but we don’t follow it. use unique passwords for all your accounts. convert them to a combination of uppercase and lowercase letters, numbers, and special characters, and keep them the appropriate length. use suitable combinations. a password that meets all of the above criteria, “hello $1234”, is still a weak password. use random words or words that make no sense and are not related to you in any way. no pet names, friends or siblings please. our lives have become so open on social media today that guessing one of these is a piece of cake.
5. by maintaining security questions for accounts, especially on websites banks that have this characteristic, lying. yes, lie why? let me show you: best friend’s name, you can find it on social media, pet’s name, you can find it on social media, mother’s maiden name, yes, you can still find place of birth , everybody knows! these are some examples, you can answer the rest by yourself. but if you lie, how will you remember them? you can copy them to your pc or phone… no! never ever save passwords on any device in plain text, encrypt them, always. but what you can do for the problem at hand is, this: best friend’s name: how about naming the girl/boy you hated so much at school? that must be a secret. the name of the pet, the name of the neighbor can work, right? (sorry! just trying to help) mother’s maiden name: the first or last name of an actress or the name of a place! place of birth- put one of the places you always wanted to visit, but not the one you like the most. random, remember.
6. two-factor authentication: please use it. helps, keeps your account safe, and if someone tries to do something bad with your account, you’ll be notified.
7. Check your “recent activity” history periodically. anything out of the ordinary, change the password, dig deep and fix it.
8. do not click on any suspicious links in your social network, emails or download any unknown document . they can download malware onto your devices and monitor all your activities in stealth mode.
9. don’t share your passwords with anyone. you could share it in good faith, the person could take it in good faith, but they might not keep it safe enough. the only way for two people to keep a secret is if one of them is dead, and the only way to make sure only you know your password is to never share it with anyone.
10. change your passwords regularly. banks force you to do that, other websites don’t, but it’s important that you do it without anyone twisting your arm into doing it.