Pages Navigation Menu

SHOWFUN - Show & Fun & More!

No, your email provider probably hasn't suffered a major security breach ()

The trading of millions of email addresses from Google, Yahoo, and Microsoft accounts may not be as bad as it first sounds.   

Following Hold Security's report that it traded a social media like for a hacker's stash of over 900 million stolen login credentials, some news outlets have enthusiastically proclaimed that major email providers have suffered a recent "data breach".

However, the original report from Hold Security itself notes that "it's a collection of multiple breaches over time. The hacker admits this without hesitation."

Once duplicate entries are removed, leaving a total of 272 million sets of credentials, the collection mostly consists of login credentials linked to Russia's Mail.ru webmail provider. Reuters reports that Hold Security CEO Alex Holden says a further 15 per cent (40 million) were Yahoo Mail addresses, 12 per cent (33 million) were Microsoft Hotmail accounts and 9 percent (24 million) were Gmail addresses.

While the size of the credential collection is impressive, it included only around 4 million examples – 0.45 per cent of the total – that Hold has never seen before. As the company points out, this means that "most of the stolen data has already been identified and many companies and individuals are already secured."

The relatively small number of new credentials and large number of duplicates, along with the hacker's willingness to trade the entire list for 50 rubles (50p) or a like on social media informs us that the cache of data isn't likely to be particularly recent or valuable. However, breaches like this are an important reminder to enable two-factor authentication, use password managers and high-entropy passwords and, if it's been while since you changed a widely-used or weak password, time to create some new ones.

Hold Security has already informed the companies whose customers are affected by the breach. A Microsoft spokesperson told Reuters that "Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access."

Similarly, a Mail.ru representative told the BBC that "a large number of usernames are repeated with different passwords. We are now checking whether any combinations of username/password match [active accounts] - and as soon as we have enough information we will warn the users who might have been affected."

Leave a Comment

Captcha image