If there’s a time to change your email password – it’s now. Reuters has just issued an alarming statement worldwide that a young Russian was found bragging that he had managed to collect the usernames and passwords of hundreds of millions of email accounts on the “deep web” – which included accounts from the likes of Gmail, Hotmail and Yahoo (although the majority come from the Russian server Mail.ru).
Reuters have described the situation as one of the biggest stashes of online credentials found in years.
Alex Holden, founder and CEO of Hold Security, was the man behind the discovery. He found the young hacker on an online forum, and the hacker was subsequently prepared to release a far bigger number of personal credentials (which he said was around 1.17 billion records) for just $1.
After Holden had got rid of any duplicated records that were in the cache, 272.3 million remained. The hacker eventually gave up the data after the researchers involved promised to post favorable comments about him in the various hacker forums, as it is against Holden’s company policy to pay for stolen data.
As Reuters explains: “Such large-scale data breaches can be used to engineer further break-ins or phishing attacks by reaching the universe of contacts tied to each compromised account, multiplying the risks of financial theft or reputational damage across the web.”
So what is the danger?
Well, hackers know that users often have two or three passwords for everything they need, so hacking into an email account can open doors to many other services, such as social media logins and online banking. It’s therefore no surprise that the number of hacked email accounts from Gmail, Yahoo, etc., has increased significantly since Holden’s discovery.
Holden has informed the companies affected, and Google has already publicly responded by explaining that Gmail users are not all at great risk, as there are over 1 billion registered accounts.
The most affected provider was Mail.ru, who are now said to be investigating exactly how many of the stolen accounts belong to active users.
Microsoft were also quick to respond, and recognized that hacking at this level was an “unfortunate reality” and that it has “security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.”
Indeed, it is an unfortunate reality, but you can make sure you’re not affected by simply changing your email password right now. The expression “better to be safe than sorry” couldn’t be more appropriate than in times like these.