A data breach on Gmail, Yahoo Mail and Hotmail has exposed usernames and passwords for millions of users. Some 273.3 million accounts have fallen victim to the data breach, and security expert Alex Holden of Hold Security is encouraging everyone to change their passwords immediately.
All told, the data breach contains 57 million accounts for the Russian email provider Mail.ru, along with 40 million Yahoo Mail credentials, 33 million Hotmail accounts and 24 million Gmail accounts. In addition, the breach reportedly contains hundreds of thousands of German and Chinese email addresses as well as thousands of username / password combos that appear to belong to employees from US banking, manufacturing and retail companies, Android Central reports.
The data breach on Gmail, Yahoo Mail and Hotmail was noticed after Hold Security apparently came upon the data directly from the hacker, who was selling the items for the low sum of less than $1. Holden instead told the hacker that he would post “favorable comments” about him in various hacker forums; that was enough to get the hacker to turn the data over.
“This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him,” identified Holden.
In this regard, when Microsoft was contacted, the company’s spokesperson stated that:
“Unfortunately, there are places on the internet where leaked and stolen credentials are posted, and when we come across these or someone sends them to us, we act to protect customers.”
It was also clarified by Microsoft’s representative that the software giant has implemented exceptional security measures and is looking into the matter.
“Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account.”
About ten days ago, Hold Security started informing the companies affected of the data breach; the company’s policy is to return stolen data to the companies affected. It’s worth noting that while tens of millions of Gmail, Yahoo and Hotmail accounts were affected, the total percentage of accounts compromised compared to the total in circulation is relatively small, the Tech Portal reported.
While the data breach on Gmail, Yahoo Mail and Hotmail has exposed usernames and passwords, Google recently announced that more than one billion people are using Gmail, for example. But given people’s propensity to reuse passwords, this breach could have wider-reaching effects. Either way, better safe than sorry — if you haven’t changed your password recently, now is as good a time as any. Also, turn on two-factor authentication.
According to a number of reports, experts are now suggesting that many of the details are actually from previous data breaches and could have been cobbled together to form this new super list. What does this mean? Well, even less reason to be worried. But, still reason to change your password.
There have been no official details released from any of the big names involved. And no one is really certain whether it’s users from specific countries that are at risk or not.
Mashable said that the data breach on Gmail, Yahoo Mail and Hotmail is serious that 24 million are affected at Gmail, but with 1 billion people using that service, not everyone was affected. Hackers know users cling to favorite passwords and that’s why attackers find it useful to use old passwords on other accounts made by the same user.