BTSec

Medium Impact

9 January 2014

•

4,789,599 records affected

•

HaveIBeenPwned

Search on Google

Description

In September 2014, a large dump of nearly 5M usernames and passwords was posted to a Russian Bitcoin forum. Whilst commonly reported as 5M "Gmail passwords", the dump also contained 123k yandex.ru addresses. Whilst the origin of the breach remains unclear, the breached credentials were confirmed by multiple source as correct, albeit a number of years old.

What to do if you're affected

1.Change your password immediately if you have an account with this service
2.Enable two-factor authentication (2FA) wherever possible
3.Check if your email appears in the breach using Have I Been Pwned
4.Monitor your accounts for suspicious activity
5.Consider using a password manager to generate unique passwords

Learn More About Data Breaches

Have I Been Pwned

Check if your data has been compromised

ENISA

EU Agency for Cybersecurity