I had a bit of a panic attack late Wednesday when I read that a group of Russian hackers had exposed 5 million Google email addresses and passwords. I, like everyone else, use a single password multiple times a day to utilize a host of Google’s services that I’ve come to rely on for both work and school. Between my personal Blogger, Youtube, Drive, and email accounts, such a breach could be devastating, if someone with obvious malicious intent wanted to impersonate me. That then got me thinking about Google Wallet, a service I don’t use.
It came as a relief, later, when Google posted that the affected email addresses and passwords had not been directly hacked from Google, but had been harvested from non-Google sites, where Google users utilize their Google passwords and/or email addresses to access other services. According to Google, only 2% of the 5 million stolen email addresses and passwords were correctly matched. Further, even if login attempts had been made, Google’s automated anti-hijacking systems would have blocked them.
Here are a few common sense actions that Google advises we take to minimize our exposure:
- Log-in to your Google account and go to Account > Security to change your password immediately.
- Be sure to create a strong password that you use only on Google.
- On the same Security page, update your Recovery & Alerts, so that if there’s a breach, Google is able to contact you.
- Lastly, consider taking the additional security step of enabling two-factor authentication, which prompts Google to send you a text or email message with an access code you’d enter at login.
I enabled two-factor authentication a few months ago when the rash of data breaches and stolen passwords started making the news. At times, I admit it’s a pain to be prompted to enter a code when I’m not sitting anywhere near my phone and have to stop what I’m doing to go fish it out of my pocketbook. Given this recent data breach and the one at Home Depot, it’s a small inconvenience I’m willing to accept, when faced with the alternative: a potentially stolen identity and ruined credit.
Image courtesy of Flickr user Ervins Strauhmanis