
PSA: Huge data breach of millions of Gmail, Hotmail and Yahoo Mail accounts (Updated)

By James Lu - on 8 May 2016, 6:33am

Image source: Hold Security

Update, May 8:

As reported by Ars Technica, Google and a Russia-based e-mail service have unveiled analyses that call into question the validity of the security firm's report.

Ars Technica:

"More than 98% of the Google account credentials in this research turned out to be bogus," a Google representative wrote in an e-mail. "As we always do in this type of situation, we increased the level of login protection for users that may have been affected." According to the report, the compromised credential list included logins to almost 23 million Gmail accounts.

Also:

Separately, Mail.ru, Russia's biggest e-mail provider, has said that more than 99.98 percent of the credentials it received from security firm Hold Security turned out to be invalid accounts. Almost 23 percent of Hold Security's entries contained addresses that don't exist, and 65 percent of the listed accounts contained passwords that were wrong. The 12 percent of remaining accounts had already been temporarily suspended by Mail.ru because officials considered them compromised or controlled by bots.

Yahoo has also issued a statement:

“Our security team has investigated and we don’t believe there is any significant risk to our users based on the claims shared with the press. We always encourage our users to create strong passwords (here are some tips), or, even better, eliminate use of passwords altogether by using Yahoo Account Key.”

In short: "There was no reason to think any of the affected e-mail providers had themselves been hacked." Still, it's a good idea to adopt safe online practices, like having a strong password. Stay safe, folks.

--

Originally published on May 5:

In what is one of the biggest data breaches in history, millions of Gmail, Hotmail and Yahoo Mail accounts have been compromised, with usernames and passwords currently being sold in the Russian criminal underworld.

According to Reuters, which spoke to Alex Holden, founder and chief information security officer of Hold Security, 272 million account details were stolen. The biggest share of those accounts, at 57 million, belongs to Russia's own Mail.ru email service, but a large number also belong to Gmail, Hotmail and Yahoo Mail users.

Yahoo Mail accounted for 15 percent of the haul with 40 million accounts, Hotmail for 12 percent, with 33 million accounts, and Gmail for 9 percent, with 24 million accounts.

It wasn't just email accounts that were targeted. According to the report, thousands of account credentials belonging to employees of some of the largest US banking, manufacturing and retail companies were also compromised.

Holden stumbled on the discovery after he saw a Russian hacker nicknamed "The Collector" bragging about the haul in an online forum. He was asking for just 50 rubles (~S$1) for the lot, but amazingly, Holden was given the trove for free after agreeing to post favorable comments about the hacker online.

"This information is potent," Holden said. "It is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him. These credentials can be abused multiple times."

Source: Reuters and Hold Security
