Call for help: researching the recent gmail password leak

Hey folks,

You probably heard this week about the list of roughly 5 million @gmail.com accounts and passwords that was posted. I've been researching it independently, and was hoping for some community help (this is completely unrelated to the fact that I work at Google - I just like passwords).

I'm reasonably sure that the released list is an amalgamation of a bunch of other lists and breaches. But I don't know which ones - that's what I'm trying to find out!

Which brings me to how you can help: I need people who can recognize which site their password came from. I'm trying to build a list of the breaches that were aggregated to create this one, in the hope that I can find breaches that were previously unreported!

If you want to help:

      1. Check your email address on https://haveibeenpwned.com/
      2. If you're in the list, email ihazhacked@skullsecurity.org from the associated account
      3. I'll tell you the password that was associated with that account
      4. And, most importantly, you tell me which site you used that password on!

In a couple days/weeks (depending on how many responses I get), I'll release the list of providers!

Thanks! And, as a special 'thank you' to all of you, here are the aggregated passwords from the breach! And no, I'm not going to release (or keep) the email list. :)

7 thoughts on “Call for help: researching the recent gmail password leak”

  1. Chao-Mu

    I talked to someone whose email address I found twice in the list (I can't disclose who). They were saying that both passwords were from 6+ years ago. They also said that both passwords were incomplete. As far as I can tell, they were truncated after a base word (not sure what the original passwords were, but what remained was a series of lowercase letters).

  2. Chao-Mu

    However, I should say my password list was from The Pirate Bay and I don't know if it is the same.

    unzipped:

    c1d5f3998459acea8d32937a4485c0b7 5000000 Gmail.txt

  3. Chao-Mu

    I was looking at a breakdown of password counts and the percentages seemed low for some of the common passwords ("password" is 0.002%). Maybe this just has to do with gmail password restrictions? It may be interesting to do a comparison of occurrences of certain passwords compared to other lists (paying attention to list types as well, phish vs. breach).

    Also looking for dates and the names of superstars, etc. to date some of the lists.

  4. Chao-Mu

    Oh oh oh! Do we know how the list is sorted? It doesn't seem to be alphabetic. Maybe they're concatenated lists. You might be able to find list divisions with recurrences of usernames.

    And if it is a bunch of concatenated lists, it stands to reason that one of those lists might be sorted, meaning you definitely could find borders.

    Okay, I'll stop spamming this blog.
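
A worked version of the triage the comments above sketch (sorted-run borders and repeated usernames from comment 4, the password-frequency comparison from comment 3, and the no-capital-letters check from comment 5), as an added Python example that is not part of the original post or any commenter's code. It assumes one "user:password" record per line, which is not confirmed for the leaked file, and the SAMPLE dump is constructed for the example, not data from the leak.

```python
"""Triage helpers for an aggregated credential dump.

Added example, not code from the original post or from any commenter.
Input format is assumed to be one "user:password" record per line
(the leaked file's exact layout is not confirmed here); SAMPLE is a
constructed toy dump, not data from the leak.
"""
from collections import Counter

# Constructed sample: three source lists glued together.  List 1
# (lines 0-4) is sorted by username, list 2 (lines 5-8) is not, and
# list 3 (lines 9-11) is sorted again.  "zoe", "bob" and "carl" each
# appear in two of the lists, the way a real aggregation would repeat
# an account that was caught in more than one breach.
SAMPLE = """\
aaron:sunshine1
betty:letmein
carl:password
dave:qwerty
zoe:hunter2
mike:welcome
amy:password
zoe:iloveyou
bob:abc123
ann:dragon
bob:baseball
carl:football
""".splitlines()


def parse(lines):
    """Split each line at the first ':' (passwords may contain ':' too)."""
    records = []
    for line in lines:
        user, sep, password = line.partition(':')
        if sep:                      # skip lines with no separator at all
            records.append((user, password))
    return records


def sorted_runs(records, min_len=3):
    """Maximal runs of ascending usernames, as (start, end_exclusive).

    A long sorted run that suddenly breaks is a candidate border between
    a sorted source list and whatever was concatenated after it.  On a
    multi-million-line file use a much larger min_len (hundreds), since
    random unsorted data also yields short ascending runs by chance.
    """
    runs, start = [], 0
    for i in range(1, len(records) + 1):
        if i == len(records) or records[i][0] < records[i - 1][0]:
            if i - start >= min_len:
                runs.append((start, i))
            start = i
    return runs


def repeated_users(records):
    """Usernames seen more than once, mapped to the line indices of each
    sighting.  Sightings far apart point at the same account appearing in
    two different source lists; the distance between them is a rough
    estimate of where one list ends and another begins."""
    positions = {}
    for i, (user, _) in enumerate(records):
        positions.setdefault(user, []).append(i)
    return {u: p for u, p in positions.items() if len(p) > 1}


def top_passwords(records, n=5):
    """Most common passwords with their share of all records, in percent.
    Comparing these against a known breach list (phish vs. breach, site
    password policy) helps date and attribute the source."""
    counts = Counter(pw for _, pw in records)
    total = len(records)
    return [(pw, c, 100.0 * c / total) for pw, c in counts.most_common(n)]


def password_share(records, password):
    """Percentage of records whose password is exactly `password`."""
    counts = Counter(pw for _, pw in records)
    return 100.0 * counts[password] / len(records)


def has_uppercase(records):
    """True if any password contains an upper-case letter; False suggests
    the dump was lower-cased (or cracked case-insensitively) somewhere."""
    return any(c.isupper() for _, pw in records for c in pw)


if __name__ == '__main__':
    recs = parse(SAMPLE)
    print('records:', len(recs))
    print('sorted runs (candidate borders):', sorted_runs(recs))
    print('repeated usernames:', repeated_users(recs))
    print('top passwords:', top_passwords(recs, 3))
    print('any upper-case password chars:', has_uppercase(recs))
```

On the constructed sample the sorted-run scan returns the first and third lists as runs, leaving the unsorted middle list between them, and the repeated usernames straddle those borders. Against a real file of millions of lines the same functions apply unchanged (read the file with `open(...)` instead of SAMPLE), but min_len must be raised well above what chance produces in unsorted data.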

  5. Con

    Just an observation: I notice that there are no capitalized letters in the aggregated txt file. I found a few passwords that I used but without the capitalization. My email/usernames are not listed in haveibeenpwned.com

  6. SuchName

    Just in case:
    When this reddit thread was still alive: https://www.reddit.com/r/netsec/comments/2fz13q/5_millions_of_gmail_passwords_leaked_rus_most/
    I read that someone suggested using the email alias
    https://support.google.com/mail/answer/12096?hl=en

  7. m1t0s1s

    There are a few working email accounts in the list, right next to their passwords. Gmail has detected the suspicious account activity, but still.

    search for 'gmail:' and you'll find them.
