Email services including Gmail, Yahoo Mail and Hotmail have fallen victim to a hack, exposing usernames and passwords for millions of users. According to Reuters, a huge data breach consisting of some 273.3 million online accounts has been reported by security expert Alex Holden of Hold Security. All told, the data breach contains 57 million accounts for the Russian email provider Mail.ru, along with 40 million Yahoo Mail credentials, 33 million Hotmail accounts and 24 million Gmail accounts.
Hackers are trading millions of Gmail, Hotmail, Yahoo logins
In addition, the breach reportedly contains hundreds of thousands of German and Chinese email addresses as well as thousands of username / password combos that appear to belong to employees from US banking, manufacturing and retail companies.
Hold Security apparently came upon this data directly from the hacker, who was selling the data set for the curiously low sum of less than $1. Holden instead told the hacker that he would post “favorable comments” about him in various hacker forums; that was enough to get the hacker to turn the data over. About ten days ago, Hold Security started informing the companies affected of the data breach; the company’s policy is to return stolen data to the companies affected.
It’s worth noting that while tens of millions of Gmail, Yahoo and Hotmail accounts were affected, the total percentage of accounts compromised compared to the total in circulation is relatively small. Google recently announced that more than one billion people are using Gmail, for example. But given people’s propensity to reuse passwords, this breach could have wider-reaching effects. Either way, better safe than sorry — if you haven’t changed your password recently, now is as good a time as any. Also, turn on two-factor authentication!
Source | Engadget