過去かこ最大さいだい規模きぼの認証情報にんしょうじょうほう漏洩事件ろうえいじけん――13億件おくけん超ちょうのユニークパスワード流出りゅうしゅつとその影響えいきょう

Shortly after Google officially denied rumors of a major security breach related to Gmail, another huge number was announced, causing further confusion and chaos.

The newly revealed fact is that 2 billion email addresses and over 1.3 billion unique passwords have been leaked, and among them, 625 million had never been reported before.

In this kind of situation, can we really say that we are being sufficiently vigilant?

Troy Hunt, the founder of Have I Been Pwned, has issued a new warning once again.

He stated, I do not agree with the exaggerated reports regarding the data breach incident, but also emphasized, The headline 2 billion email addresses this time is not an exaggeration, but is based on fact.

He also emphasized that this leak was not caused by an attack on Gmail, in an effort to prevent any misunderstandings from spreading.

A few weeks ago, false rumors spread due to records from information-stealing malware. Therefore, it is important to convey accurate information so that the same mistake is not repeated.

Gmail is the worlds largest email platform, and while many Gmail accounts are included in the leaked data this time, in reality, only 394 million unique email addresses are actually involved.

In other words, 80% of all the data is not related to Gmail, and even if it involves Gmail addresses, the cause is not due to a security vulnerability on Googles side.

The measures recommended by Google include enabling two-factor authentication 2FA and using passkeys.

These are recommended measures for all users, regardless of whether they use Gmail or not.

In cases like this where a large-scale password leak has been discovered, it is extremely important to reset passwords promptly.

In reality, attackers usually try to log in using passwords through legitimate methods, and it is expected that such incidents will continue to occur in the future.

Nowadays, there is a very high possibility that your password or email address could be leaked somewhere on the internet.

Not only attacks on web services, but also information being stolen from personal devices by infostealer-type malware are causes.

In any case, the risk of unauthorized use of authentication information is unavoidable.

Mr. Hunt also stated, This is the largest dataset I have ever handled.

In situations like this, protecting your account with just a password and email address is as dangerous as leaving your house key in the door when you go out.

In fact, despite the fact that many websites and major platforms offer additional authentication methods such as two-factor authentication and passkeys to ensure user safety, there are still many people who do not make full use of these measures.

In particular, since there are security issues with two-factor authentication via SMS, we recommend using an authentication app on your smartphone.

Furthermore, if passkeys are introduced to all applicable accounts, even if authentication information is leaked, the risk of unauthorized use will be significantly reduced.

Major providers such as Google, Microsoft, Meta, Amazon, and Apple have already established environments where users can easily configure these measures.

Finally, if these basic measures are not implemented, users will continue to face serious risks.

In an era of information leaks, it is essential to proactively adopt stronger authentication methods and protect your own digital assets yourself.