
4M gmail addresses with passwords leaked (large html file, 150megs) - mr_november
https://pred.me/gmail.html
======
nilved
This is from 2014 and likely not a Google hack or leak but a subset of
credentials revealed by hacks or leaks from other sites.

[https://productforums.google.com/forum/#!topic/gmail/4q3AYMi...](https://productforums.google.com/forum/#!topic/gmail/4q3AYMiUEsk)
and
[https://facepunch.com/showthread.php?t=1423764](https://facepunch.com/showthread.php?t=1423764)
refer to this link.

Edit to add:
[https://haveibeenpwned.com/PwnedWebsites#BTSec](https://haveibeenpwned.com/PwnedWebsites#BTSec)

~~~
Karuma
Indeed... My email is listed here, but it shows "password" as its password,
which is completely false.

I only use "password" in random websites that force me to register (but that
I'll never visit again).

------
buckbova
Caution, this is a link to the actual emails.

~~~
r1ch
As a 150MB HTML file. Good luck, mobile users.

~~~
aaronpk
Did not see that coming.

------
coldcode
I looked at the paste file. It had my gmail address (which is mostly what I
use for public stuff) but the password came from only one place:
travel.travelocity.com; however that user database is long gone as Travelocity
is now just a brand of Expedia so that old account no longer exists. Of course
I don't reuse passwords so it's not an issue. I wonder how it got there.

------
disposablename
Probably passwords from other sites, not gmail. Lists my email next to a
password I've never used on gmail, or any other important site.

------
Flammy
I give this dump 12 more minutes until someone at Google uploads it to an
internal tool to invalidate all of the emails listed.

~~~
acjohnson55
Unfortunately, I wouldn't be shocked if someone out there had a tool that can
escalate this exploit just as quickly.

------
rasz_pl
fake, checked 3 gmails. not only are the passwords wrong, they are random
garbage that was never used with those accounts

~~~
cuchoi
One returned me the error "You changed your password 5 months ago"

------
kafkaesq
Fascinating. Any thoughts as to how this came about?

~~~
r1ch
I think this is the "bitcoin gmail dump". My email is listed here, but it has
a throwaway password that I've never used as my gmail password.

[https://haveibeenpwned.com/PwnedWebsites#BTSec](https://haveibeenpwned.com/PwnedWebsites#BTSec)

------
Sephr
Mirror?

------
fiatjaf
Can anyone see if my name is in there?

~~~
simcop2387
I'm sure it'll get added to haveibeenpwned.com fairly quickly. That said I'm
trying to grab it for the same reason. If your email is in your HN profile
I'll give it a check.

~~~
r1ch
Pretty sure it's already there, looks like
[https://haveibeenpwned.com/PwnedWebsites#BTSec](https://haveibeenpwned.com/PwnedWebsites#BTSec)

~~~
simcop2387
Oh nice, I missed it in there. Sometimes it takes an hour or so before I see
new ones in there.

