If you use Hotmail, Yahoo or Gmail, stop what you’re doing and go change your password immediately, because some clever dick has made off with login credentials for 273.3 million email accounts, including ones from those services.
According to a report by Engadget, this massive data breach affects 57 million Mail.ru (a Russian webmail client) accounts, 40 million Yahoo accounts, 33 million Hotmail accounts and 24 million Gmail accounts.
The hacker has also reportedly made off with thousands of usernames and passwords for email addresses linked to Chinese and German email providers.
Thankfully, there are still some good folks in the world such as Alex Holden, chief information security officer from Hold Security who, together with his team of researchers, discovered the breach.
Hold Security’s researchers told Reuters they discovered the data when they stumbled upon a Russian hacker attempting to flog the data for the low, low price of less than a US dollar.
Rather than pay any form of reward to the hacker, Hold researchers stroked the hacker’s ego, saying they would “post favourable comments” about him on hacker forums.
Apparently being able to maliciously scrape millions of login credentials doesn’t automatically make you clever, because the hacker promptly handed the data over to Holden.
After going through the haul, Holden began notifying the affected companies of what had happened so they could check whether the accounts are currently active.
So does that mean Google, Yahoo and Microsoft were hacked? At this point, all signs point to no.
The Guardian reports that the data the hacker was trying to sell off came from smaller sites with less security than the three aforementioned companies.
Despite that, this is still dangerous because many people use the same login credentials across multiple accounts, meaning that if a hacker has this list with your password on it, they could have access to every service where you use that combination of credentials.
We would also advise that you treat suspicious emails even more suspiciously than usual, because cyber criminals may be using these email addresses to send malicious emails containing links that could expose you to phishing attacks.
So we highly recommend that you go and change your passwords, and if you aren’t doing it already, use different passwords for different websites. And if you can’t keep track of them all, use an app like LastPass to manage your passwords for you.

[Via – Engadget]