Says my account was hacked, but then gives me the incorrect two letters for the start of my password. Seems bunk.
Also, why wouldn't you give your email address to a random website? I have it plastered all over the net. Spam is a solved problem at this point. Ironically thanks to Gmail!
Most of the stories about this list have pointed out that it doesn't necessarily contain passwords from Gmail, but from various accounts that used a Gmail address as a username.
Someone on Slashdot searched for "+" suffixes in the list, as in username+suffix@gmail.com:
Some of the most popular suffixes were xtube, daz (and daz3d), filedropper, and eharmony. The two characters returned by isleaked.com for my address could indeed have been from daz3d.com.
It was someplace you used your email with that password. It had a couple of my emails all with the same throwaway password I only use on sites that I either don't trust or have no intention of ever using again.
If you search around the full leak is very easy to find
Nope, I have a throwaway I normally use but this isn't it. Not sure what this is coming from, but I don't recall any passwords that start with these two characters.
for me it shows first two letters of the email itself. I might have used the username itself as a password in some random site, but this is/was not my gmail password :)
I usually never enter any personal information in sites like these, but this clause won me over:
> If you don't like to specify your full email address for any reason, you can replace up to 3 characters with asterisk sign (e.g., for myaccount@gmail.com enter myac*nt@gmail.com), thus we'll show you a count of matches for this pattern. We respect your privacy.
The passwords were not leaked from google, parts of it maybe were new, but other parts are suspected to be copied from older leaks.
The actual dump can be found if you look for it - with full passwords.
We can get a pretty good idea where they come from too by searching for emails with a + in the domain and looking at what comes after (I delete uninteresting ones - like single letters or numbers):
There are a few websites like this with varying reliability (either haven't been updated recently or have inferred the worst-case-scenario from hacks). This is the first time I've seen this one. You could also check out these:
Mine was, but the password there is more than 4 years old, I have changed it several times since then. Makes me think that this leak is just a collection of old leaks out together.
this is exactly what has happened, someone pulled together a load of data from hacks and leaks and made one file. the data in general appears to be years out of date, of course some people may still have the same password and may have reused credentials for other sites.
I think a lot more emails leaked due to people putting their full email to check than during the leak, although the service says people can use a search pattern, but who'd bother, right? People, it's inconvenient, I know, I know, but, please, start using 2FA! At last! I thought a lot of people who are not technical, Authy is a better tool, so, please, spread the awareness, and let's put this nonsense to an end!
Not sure. It said my email was in the leak but the "First two symbols of password is: " is from one of my old passwords I don't use any more, don't know when I changed it away from that old password.
If you're more concerned about spam it's your gmail address which is probably already getting loads of spam you don't notice because gmail's filters are excellent.
I took a look and then compared against my current LastPass account (in case it was from another site's leak), and nothing. I've never had a password for gmail that started with these two characters, either.
FYI > I checked all my accounts and one was leaked. HOWEVER, it was the password I used when I first setup the account in 2004, and has been changed many times since.
You should also already have two-factor authentication setup, so you shouldn't have anything to worry about: https://support.google.com/accounts/answer/180744?hl=en