If you hold email accounts with popular service providers such as Mail.ru, Gmail, Yahoo or Microsoft, it is extremely important that you change their passwords now. In what can be termed the biggest password-theft scandal to be exposed in the last 2 years, Reuters reports that hundreds of millions of hacked usernames and passwords for email accounts and other websites are being trafficked in Russia’s criminal underworld.
Email passwords compromised
Alex Holden, founder and chief information security officer of Hold Security, said that 272.3 million accounts are being traded by hackers. The majority belong to users of Mail.ru, Russia’s most popular email service, with smaller fractions from Gmail, Yahoo and Microsoft email. In addition, hundreds of thousands of accounts at German and Chinese email providers are also being traded for money.
Holden, who in the past has uncovered some of the world’s biggest known data breaches, affecting millions of users at Adobe Systems and JPMorgan, said that the current theft of email credentials is one of the biggest and can be abused in multiple ways.
How this massive data breach was unearthed
The discovery of this massive data breach came after Hold Security researchers found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials, which ended up totaling 1.17 billion records. The hacker was apparently willing to trade the data with people who were nice to him, said Holden.
Email passwords being traded at less than $1
The young Russian hacker asked just 50 roubles (less than $1) for the entire trove, but ended up giving up the dataset after Hold researchers agreed to post favorable comments about him in hacker forums.
What makes this more catastrophic is that such huge data breaches can be used to engineer further break-ins or phishing attacks by reaching the universe of contacts tied to each compromised account, multiplying the risk of financial theft or reputational damage across the web.
Response from Email Providers
Mail.ru, in an email to Reuters, said:
“We are now checking, whether any combinations of usernames/passwords match users’ e-mails and are still active. As soon as we have enough information we will warn the users who might have been affected.”
A Microsoft spokesman responded by saying that stolen online credentials were an unfortunate reality. He added:
“Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.”
Reactions from Yahoo and Gmail are still awaited.
What you can do as a user
As an email user, you must immediately change the passwords of your email accounts and not store them anywhere online. Since hackers know that people tend to reuse their old passwords across different accounts, you must replace old passwords with stronger ones and not use the old ones in the future.