272 million webmail logins leak for Hotmail, Yahoo and Gmail
If you rely on Gmail, Hotmail or Yahoo, you may want to take a minute now and change your password. Hold Security has acquired a list of 272 million login credentials spread across all three providers, as well as Russian company Mail.ru.
The vast majority – 57 million – were in fact for the Russian email provider, and a spokesperson from the company suggested that after an initial investigation, the leak wasn’t as bad as it first appeared. “A large number of usernames are repeated with different passwords,” she told the BBC. “We are now checking whether any combinations of username/password match – and as soon as we have enough information we will warn the users who might have been affected.”
Elsewhere, 40 million logins were from Yahoo accounts, 33 million were from Hotmail and 24 million were from Google. All three providers told the BBC they were investigating the breach, although Microsoft added that any account in the list would require “additional information to verify the account owner and help them regain sole access”.
When approached by the hacker, Hold Security claimed that they were expecting a huge ransom demand, but the cybercriminal’s request was astonishingly modest: 50 rubles. That’s roughly 52 pence, which led the company to be somewhat sceptical. “This greatly impacts the data’s credibility and value, similar to an expensive sports car being sold for pennies at auction,” they wrote.
The hacker claimed that they just wanted rid of the data, but felt unable to give it away. Hold Security still refused this very low ransom out of principle, and they eventually secured the trove by adding a few likes and votes to his social media page. (“So much for anonymity,” quips the post.)
While it may sound like a generous offer from the hacker, the company warned that the willingness with which he gave up the data suggests that the logins may already be out in the wild, so all the more reason to change your passwords now, if you haven’t already.