Gmail, Yahoo, Hotmail and Mail.ru and perhaps more, have leaked usernames, email addresses and unencrypted passwords.
The security firm that discovered the breach, Hold Security, believes that many of the accounts involved in this leak have not been previously leaked. According to its analysis there are over 272 million unique email and unencrypted password pairs, where 42.5 million have not been previously leaked.
Hold Security was able to get a hold of the data for free. The hacker originally asked for 50 roubles (equating to around 75 cents or 52 pence) for the entire list. Instead, an agreement was reached to provide the data for free if the firm was to post positive comments about the hacker in a forum.
A breakdown of the major services affected showed the scale of the leak:
57 million accounts for Mail.ru
40 million for Yahoo Mail
33 million for Hotmail
24 million for Gmail
The concern of this leak does not lay solely with people being able to gain access to one's email account, but also that these details could be used to send bulk phishing emails.” (emphasis mine) – Neowin
I’d get busy changing passwords, and be extremely careful about emails with attachments, even from people you know.
Send a return email asking whether they sent you an email with an attachment.
Not good. Not good at all.
Changed my password. Good lookin' out Doc.
Thanks for the warning Doc !
Why are there so many bastards in the world intent on causing harm, ripping people off? Seems to me that the internet is getting less user friendly by the minute.
A few trial-less 'blunt knife' castrations might act as a hacker deterrent.... and if they're women, cut off a couple of 'somethings' they'd rather not lose.
Perhaps for more severe cases, a few drawn out and painful executions is the way to go.
Put bluntly, the world has gone way too soft on crime.
And another for good measure.
Because there are people lacking in compassion for whom the ends justify the means.
Because there are those who would rather steal than work, no matter whom they harm while doing it.
I'll add my thanks to you, Dr.
These hackers are the type who need to be exposed with all the capabilities that exist.
Because there are people lacking in compassion for whom the ends justify the means. Because there are those who would rather steal than work, no matter whom they harm while doing it.
Yeah, I know, but it's not just the lazy bastards who'd rather steal than earn a crust, it's also those who hack primarily to cause harm, pain and frustration. The cash 'reward' at the end actually disinterests them. No, their 'reward' is derived more from the damage done, and those are the worst kind of hacker. Not that I condone it, but stealing does have a point, in that there is an actual gain, but the senseless hacking that causes nothing but harm is beyond understanding. No person in their right mind would do it, so one can only conclude that those who do it are bitter and twisted individuals with sick minds.... if you could call what's between their ears a mind.
Now I'm not normally an advocate of violence, but the world has become far too soft on criminals and something needs to be done, and I'm sick to the back teeth with true crime being inadequately dealt with while petty misdemeanors are more harshly punished.
The last time this happened, it was an old set of user/passwords, I'm curious as to whether this too is some mysterious old list that for some reason exists in the first place...
Thanks for heads up Doc.
Might explain the recent rash of Locky-bearing emails on my gmail account.
Thanks for the heads up, Doc.
I know I know.....I'm just the doomsayer but when information like this is finally made public it is unfortunately very late in the "information theft" game. Of course passwords should be changed etc. but in my opinion one should always perform actions connected to the internet assuming that one's information (ie. accounts and all relevant information) are likely never private in the first place.
In what I do (dealing with corporate network/systems infrastructure) it has become painfully obvious that the term 'security' too often means 'locking the barn door AFTER the horse has escaped' and/or refers to Band-Aid fixes to issues that really have no solution in the first place. The home user? Is even more fucked.... Why do I say that? When one of the nation's premier ISP's has (just as a small example) their DNS servers poisoned/hacked several times a year sometimes for longer periods of time (these are the servers that most users rely on to send/point their internet requests to the correct places) my faith in an even relatively safe internet landscape is non-existent.
I wish I felt less pessimistic about the 'internet landscape' but my experience has taught me.......if you do anything (and I mean anything) on the internet at all.....understand that someone somewhere is doing it with you. Internet security is a sick joke.....
Having said all that......thanks again Doc for always looking out for this community. The world needs more of you!
Monk, you're right...the fact these leaks/hacks, etc. aren't revealed immediately is criminal, or would be if there were laws governing it. G*d forbid they ever do that: It might actually help prevent widespread damage.
Like the security weak spots in browsers, etc. "We'll give you a month before we make it public." ...and screw the people whose identities, etc. are stolen in the meantime.
Don't get me started. Grrrr.
C'mon, Doc, you're already in 1st gear and raring to go... so yeah, tell us how you really feel.
I second, all in favor say "aye."
Aye!! .... And in triplicate, Aye, Aye, Aye.
The internet lacks natural borders. Most of the "senseless" destruction there is most likely caused by people working under a political agenda. A lot of this comes from Asia & targets the West. These people, possessing good & expensive electronic devices and the related education to make good use of it, are far from being a typical loser-type of criminal who has to steal/rob/whatever in order to support himself.
Thanks for posting, Doc.
I did change my passwords, now let's see if I'll remember the new ones.
I have a small book with passwords. It's not the optimal solution. Never got around to setting up a password manager. I never knew if I could trust password managers. What if they get hacked? Then ALL your passwords are up for grabs. No, I'd rather lose one password at a time...
Maybe someone can convince me that password managers are good. Or not. Do you folks use them?
Thanks to the link in the post I found this site, that lets you check if you have been compromised.
The site seems legit, created by this guy:
I checked my email-addresses. One had been compromised in the famous Linux Mint hack of this year. But my password was random and has now been changed so no biggie.
Anyway, this site by Troy Hunt is really useful I think. You don't have to wonder if you've been "pwned". Just look it up.
anotherside: LastPass has been hacked.
KeePass, if hacked, has not been published as having been hacked.
Be careful about "helpful" sites...they might be the opposite.
It's Hold Security again. So no surprise here. It's a pity that the "Russian gang steals 1.2 billion user names and passwords" thread from 2014 by DrJBHL has been deleted.
Just to clarify something: We live in a time when data is stolen. People, among them WC members, use these services. My job is to report this. If I had waited to report this to members, they would have been in jeopardy. Was it unreasonable to think that hackers stole this data? I do not believe so. This is a case of 20/20 hindsight.
Is changing user name/password an unreasonable thing? Does it involve a massive inconvenience? I do not think so. As with many things, there is a risk/benefit ratio. Does the risk incurred by not changing a password (which should be done routinely, anyway) justify not doing so? Clearly not.
We should believe Google. Because Google.
Is the biggest data hog of all time... retaining even 'useless' data just in case it may one day be useful.
If you sneeze, Google wants to know about it.
If you cough, Google wants to know about it
If you fart, Google sees it as ammunition to embarrass you somewhere farther down the track.
If you die.... Google already knows what you left it in your Will.
Good on ya, Doc.
Rather have the occasional 'false' alarm than a real fire & not know it. I was due to change my master pword, anyway.
Agree. Better safe than sorry.