4M gmail addresses with passwords leaked (large html file, 150megs)

pred.me

63 points by mr_november 9 years ago · 30 comments

nilved 9 years ago

This is from 2014 and likely not a Google hack or leak but a subset of credentials revealed by hacks or leaks from other sites.

https://productforums.google.com/forum/#!topic/gmail/4q3AYMi... and https://facepunch.com/showthread.php?t=1423764 refer to this link.

Edit to add: https://haveibeenpwned.com/PwnedWebsites#BTSec

  • Karuma 9 years ago

    Indeed... My email is listed here, but it shows "password" as its password, which is completely false.

    I only use "password" in random websites that force me to register (but that I'll never visit again).

buckbova 9 years ago

Caution, this is a link to the actual emails.

  • r1ch 9 years ago

    As a 150MB HTML file. Good luck, mobile users.

  • lechevalierd3on 9 years ago

    Yeah not sure why one would link to that file directly.

    • mr_novemberOP 9 years ago

      I've changed the title to reflect the size but there is no story here without the link. What would you have done? I ask not to confront but rather to learn.

      I didn't feel completely comfortable posting the link but thought it was better that it's out there (and it looks like it's not even new according to comments).

      • tmp_cURL 9 years ago

        To download, I used:

          curl https://pred.me/gmail.html -vo /tmp/pred.me.gmail.$RANDOM.txt
        
        There appear to be no malicious/unsafe <scripts/> at the moment. No HTML tags.

        Just one email per line, and a colon (:) delimiter for the password.

        The MD5 hash is:

          c1d5f3998459acea8d32937a4485c0b7
        
        Availability is spotty. The server is refusing connections, probably due to high load.

        The IP address resolved to:

          81.4.110.159
        
        I don't think the direct link is out of line. Some users might need guidance on how to safely inspect the file.

        In terms of HN community conventions and common behaviors, people will often submit a question like "Ask HN: Lorem Ipsum..." and then provide follow-up details in the message body, including relevant information, such as the details I've provided above.

        This way, if the owner of the resource at the address starts serving up malware, users can verify the content before consuming it.

        These are merely community memes though. Not any sort of auspicious, high-minded "best practices as prescribed by experts" or anything. Just some stuff a bro might do around here.

        Also, WHOIS info might be useful, if safety or malware is a concern...

        http://whois.domaintools.com/pred.me

        This doesn't preclude the domain owner having been pwnt and used as a patsy. Or even whether that person might have a valid reason for hosting the file?
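An added example (not code from the thread) of the inspection flow tmp_cURL describes: verify the published MD5, refuse the file if any HTML tag such as <script> is present, then parse the one-email-per-line, colon-delimited format and report only whether a given address is listed, never the password. The dump contents and hash below are constructed sample data, not the real file.

```python
import hashlib
import re
from typing import Dict

# Constructed sample in the format described in the comment: "email:password" per line.
SAMPLE_DUMP = (
    "alice@gmail.com:hunter2\n"
    "bob@gmail.com:correct:horse:battery\n"  # a password may itself contain colons
    "carol@example.org:password\n"
    "not a credential line\n"
)

# Anything that looks like an HTML tag, e.g. <script>, </script>, <img ...>.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def md5_hex(data: bytes) -> str:
    """MD5 hex digest, to compare with the hash published alongside the file."""
    return hashlib.md5(data).hexdigest()


def contains_markup(text: str) -> bool:
    """True if the file contains anything tag-like; a clean dump should have none."""
    return TAG_RE.search(text) is not None


def parse_dump(text: str) -> Dict[str, str]:
    """Map lower-cased email -> password. Splits on the FIRST colon only, so
    passwords containing ':' survive; lines with no colon or no '@' are skipped."""
    creds: Dict[str, str] = {}
    for line in text.splitlines():
        email, sep, pw = line.partition(":")
        if sep and "@" in email:
            creds[email.strip().lower()] = pw
    return creds


def check_dump(data: bytes, expected_md5: str, email: str) -> dict:
    """Hash check, then markup check, then a presence-only lookup for one address."""
    if md5_hex(data) != expected_md5.lower():
        return {"ok": False, "reason": "md5 mismatch"}
    text = data.decode("utf-8", errors="replace")
    if contains_markup(text):
        return {"ok": False, "reason": "markup present, inspect before use"}
    creds = parse_dump(text)
    return {"ok": True, "entries": len(creds), "listed": email.lower() in creds}


if __name__ == "__main__":
    blob = SAMPLE_DUMP.encode()
    print(check_dump(blob, md5_hex(blob), "Alice@gmail.com"))
```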

coldcode 9 years ago

I looked at the paste file. It had my gmail address (which is mostly what I use for public stuff) but the password came from only one place: travel.travelocity.com; however that user database is long gone as Travelocity is now just a brand of Expedia so that old account no longer exists. Of course I don't reuse passwords so it's not an issue. I wonder how it got there.

disposablename 9 years ago

Probably passwords from other sites, not gmail. Lists my email next to a password I've never used on gmail, or any other important site.

Flammy 9 years ago

I give this dump 12 more minutes until someone at Google uploads it to an internal tool to invalidate all of the emails listed.

  • acjohnson55 9 years ago

    Unfortunately, I wouldn't be shocked if someone out there had a tool that can escalate this exploit just as quickly.

rasz_pl 9 years ago

Fake, checked 3 gmails. Not only are the passwords wrong, they are random garbage that was never used with those accounts.

  • cuchoi 9 years ago

    One returned me the error "You changed your password 5 months ago"

kafkaesq 9 years ago

Fascinating. Any thoughts as to how this came about?

Sephr 9 years ago

Mirror?

fiatjaf 9 years ago

Can anyone see if my name is in there?

  • simcop2387 9 years ago

    I'm sure it'll get added to haveibeenpwned.com fairly quickly. That said I'm trying to grab it for the same reason. If your email is in your HN profile I'll give it a check.
