Latest news with #GoogleAccount


Time of India
20-06-2025
- Time of India
How to secure your Google account after the 16 billion passwords leaked: complete guide for online safety
How to secure your Google account: complete guide following massive data breach

A major cybersecurity event has exposed over 16 billion login credentials, according to researchers at Cybernews. The leaked data, uncovered across 30 previously unreported datasets, includes a mix of login details, cookies, tokens, and session metadata gathered via infostealer malware. This breach impacts access to platforms such as Google, Apple, Facebook, GitHub, and Telegram.

While there's no confirmation of a centralized breach at Google or other major companies, credentials tied to their login portals were discovered in the leaked logs. The following sections outline how to secure your Google account and minimize risk in light of this data exposure.

Understanding the Google account risk from the credential leak

According to Cybernews researchers, the leak was not sourced from a direct breach of Google's systems. Instead, it comprises credentials extracted from infostealer logs, which frequently include Google login URLs. Bob Diachenko, a contributor to Cybernews, stated, 'There was no centralized data breach at any of these companies,' but added, 'Credentials we've seen in infostealer logs contained login URLs to Apple, Facebook, and Google login pages.'

The exposed records were found in unsecured storage instances such as Elasticsearch and object storage buckets. Datasets ranged in size, from 16 million to over 3.5 billion records, with some logs containing naming conventions suggesting ties to services or specific malware. The information structures were consistent: URL, followed by username and password. This setup aligns with how most modern infostealers operate. Some datasets also included session tokens and cookies, which may allow attackers to bypass password changes and even two-factor authentication (2FA).
Steps to secure your Google account immediately

To protect your Google account in the aftermath of this breach, take the following proactive measures:

1. Change your Google account password – Use a strong, unique password created via a trusted password manager.
2. Enable Google 2-Step Verification (2FA) – Add an extra layer of security by using Google Authenticator or a security key.
3. Revoke unrecognized devices – Visit your Google Account security settings and sign out from unfamiliar devices.
4. Clear existing cookies and sessions – Since some datasets include valid session tokens, clearing cookies can help prevent session hijacking.
5. Monitor your Google Account activity – Use Google's 'Recent Security Events' page to track logins and detect anomalies.
6. Run antivirus and malware scans – Detect and remove any infostealer malware that could be compromising your device.

These steps align with guidance from Cybernews researchers, who note, 'Some of the exposed datasets included information such as cookies and session tokens, which makes the mitigation of such exposure more difficult.'

Credential leak extends to Google and other major platforms

Though the datasets vary in origin, the scope and scale suggest a widespread data collection operation tied to infostealer malware. Researchers highlight that the inclusion of both old and recent logs indicates the data is 'fresh, weaponizable intelligence at scale.' Most datasets contained unverified credentials, but many included login data for services such as Google. The naming of some logs, like those referencing Telegram or suggesting Russian origins, provided additional context, though not definitive sources.
According to Cybernews researcher Aras Nazarovas, this shift toward centralized infostealer databases could indicate a change in criminal behavior. 'The increased number of exposed infostealer datasets in the form of centralized, traditional databases... may be a sign that cybercriminals are actively shifting from previously popular alternatives such as Telegram groups,' he said.

Preventing future exposure of Google credentials

As attackers continue to refine data-harvesting methods, users must adopt strict credential hygiene. That includes:

1. Using password managers to avoid credential reuse.
2. Enabling 2FA across all major services.
3. Regularly auditing account permissions and third-party app access.
4. Monitoring accounts with automated breach detection services.

Despite uncertainty about the total number of unique users impacted, the discovery of 16 billion credentials, nearly two for every person on Earth, makes ongoing vigilance essential. As Diachenko confirmed, 'Credentials we've seen in infostealer logs contained login URLs to Apple, Facebook, and Google login pages.' Though no centralized Google breach occurred, compromised credentials from Google users have been exposed.

FAQs

1. How do I secure my Google account after a password breach?
To secure your Google account after a password breach, immediately change your password to a strong, unique one using a password manager. Enable 2-Step Verification (2FA), review recent account activity, sign out from unfamiliar devices, and clear cookies and session data to block unauthorized access.

2. Was my Google account affected by the 16 billion password leak?
While there's no evidence of a direct breach of Google, credentials linked to Google login pages were found in infostealer logs. You can check if your Google account was exposed by using tools like Google's Security Checkup or third-party services such as Have I Been Pwned.

3. What steps should I take to prevent Google account hacks in the future?
To prevent future Google account hacks, use a unique password for each account, enable two-factor authentication, avoid clicking on suspicious links, and regularly monitor login activity. Keeping your browser and devices free of malware is critical to stopping infostealers before they access credentials.

4. Are Google login credentials safe after the massive 2025 data leak?
Google's infrastructure remains secure; however, some user credentials were compromised through malware-stealing tactics. Even without a direct Google data breach, it's essential to assume risk and secure your Google account promptly by updating passwords and enabling 2FA.


TechCrunch
09-06-2025
- TechCrunch
Google fixes bug that could reveal users' private phone numbers
A security researcher has discovered a bug that could be exploited to reveal the private recovery phone number of almost any Google account without alerting its owner, potentially exposing users to privacy and security risks. Google confirmed to TechCrunch that it fixed the bug after the researcher alerted the company in April.

The independent researcher, who goes by the handle brutecat and blogged their findings, told TechCrunch that they could obtain the recovery phone number of a Google account by exploiting a bug in the company's account recovery feature. The exploit relied on an 'attack chain' of several individual processes working in tandem, including leaking the full display name of a targeted account, and bypassing an anti-bot protection mechanism that Google implemented to prevent the malicious spamming of password reset requests. Bypassing the rate limit ultimately allowed the researcher to cycle through every possible permutation of a Google account's phone number in a short space of time and arrive at the correct digits.

By automating the attack chain with a script, the researcher said it was possible to brute-force a Google account owner's recovery phone number in 20 minutes or less, depending on the length of the phone number. To test this, TechCrunch set up a new Google account with a phone number that had never been used before, then provided brutecat with the email address of our new Google account. A short time later, brutecat messaged back with the phone number that we had set. 'bingo :),' said the researcher.

Revealing the private recovery phone number can expose even anonymous Google accounts to targeted attacks, such as takeover attempts. Identifying a private phone number associated with someone's Google account could make it easier for skilled hackers to take control of that phone number through a SIM swap attack, for example. With control of that phone number, the attacker can reset the password of any account associated with that phone number by generating password reset codes sent to that phone.

Given the potential risk to the wider public, TechCrunch agreed to hold this story until the bug could be fixed. 'This issue has been fixed. We've always stressed the importance of working with the security research community through our vulnerability rewards program and we want to thank the researcher for flagging this issue,' Google spokesperson Kimberly Samra told TechCrunch. 'Researcher submissions like this are one of the many ways we're able to quickly find and fix issues for the safety of our users.' Samra said that the company has seen 'no confirmed, direct links to exploits at this time.'

Brutecat said Google paid $5,000 in a bug bounty reward for their finding.


Metro
21-05-2025
- Metro
Warning to 1,800,000,000 Gmail users over sophisticated scam
Gmail users have been warned about a highly convincing scam email that appears to come from Google themselves. The email seems to come from no-reply@ which is the address that real security updates come from. It links to a webpage hosted by Google, too, which is another convincing sign. But the website was not made by them; it was made by scammers trying to trick you.

The email claims that 'a subpoena was served on Google LLC requiring us to produce a copy of your Google Account content'. It links to a domain designed to look like Google's genuine support page. However, the real support webpage is on while the 'sites' domain is one that anyone can build a free webpage on. Ordinary users are unlikely to know or notice this, however, and could inadvertently grant scammers permissions that could allow them access, or target you with malware.

Security software firm Kaspersky said that there are other clues, too. If you look closer at the email details, the 'to' and 'mailed-by' fields contain jumbled email addresses which have nothing to do with Google, showing me[@]googl-mail-smtp-out-198-142-125-38-prod[.]net and

The scam was first revealed by tech developer Nick Johnson. The scammers used Google OAuth technology, which is what you see when you use your Google details to sign into a different app. Those who fell victim to the scam approved the permissions thinking they were giving Google themselves permission. It is not clear exactly what the scammers hoped to achieve by this, but it could involve data theft or infecting the victim with malware.

Kaspersky said that when an OAuth app is registered, 'the web application administrator can manually enter completely arbitrary text in the App Name field – this is what the criminals apparently took advantage of.' The mechanism that attackers used to do this has now been shut down, which will prevent this method of attack from working in future.
A Google spokesperson said: 'We're aware of this class of targeted attack from this threat actor and have rolled out protections to shut down this avenue for abuse.

'In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns.'

They recently issued guidance on spotting scams, saying they will not ask for any of your account credentials, including your password, one-time passwords, confirm push notifications, and will not call you.


Business Standard
20-05-2025
- Business
- Business Standard
Bharti Airtel partners with Google to offer Google One subscription to its customers
Bharti Airtel and Google, today, announced a partnership that brings a compelling Google One cloud storage subscription service for Airtel customers, helping address the mounting challenge of limited device storage. All postpaid and Wi-Fi customers will get access to six months of 100 GB Google One cloud storage at no extra cost. They will also be able to share this storage with up to five additional people. The partnership aims to address the issue of growing data storage constraints faced by users by ensuring that customers have ample space to store their cherished photos, videos, documents and other digital content without the need to frequently delete files or resort to expensive physical storage expansions. Additionally, WhatsApp chats on Android are backed up to Google Account storage which will make device switching easier for customers. The cloud storage provision is compatible with both Android and iOS platforms, making it widely accessible to Airtel's diverse customer base.

The Hindu
20-05-2025
- Business
- The Hindu
Airtel, Google team up to offer cloud storage subscription to postpaid and Wi-Fi customers
Bharti Airtel and Google on Tuesday (May 20, 2025) announced a partnership to offer Google One cloud storage subscription service for the telco's customers, to address the limitations of device storage. All postpaid and Wi-Fi customers will get access to six months of 100 GB of Google One cloud storage at no extra cost. After six months, a fee of ₹125 per month will be added to the customer's monthly bill. If a customer chooses not to continue the subscription, they can cease to be a Google One member, according to a release. The partnership seeks to address the issue of growing data storage constraints faced by users by ensuring that customers have adequate space to store photos, videos, documents and other digital content without the need to frequently delete files or resort to expensive physical storage expansions, according to the release. As an introductory offer, the 100 GB cloud storage will be available at no additional cost for six months from the date of activation, enabling customers to back up their data and taste the convenience of cloud storage. Customers will also be able to share this storage with up to five additional people. Additionally, WhatsApp chats on Android are backed up to Google Account storage, which will make device switching easier for customers. The cloud storage provision is compatible with both Android and iOS platforms, it said.