Change Your Password

casper

The Living Force
link:
http://www.iflscience.com/technology/millions-passwords-hotmail-gmail-and-yahoo-have-been-stolen


Quote:
"Looks like it could be time to change your password. There has been a massive breach of security exposing “hundreds of millions” of account details for many popular email services and websites.

Alex Holden, chief information security officer of Hold Security, has told Reuters that 272.3 million usernames and passwords have been stolen from users of Hotmail, Yahoo Mail, Google’s Gmail and Mail.ru, Russia's largest email service.

The majority of data comes from Mail.ru. Fifteen percent of data is known to come from Yahoo Mail, 12 percent from Hotmail, and 9 percent from Gmail. Usernames and passwords for banking and retail are also among the stolen information.

Holden advised all users of the email services to change their passwords. All of the affected email services also offer a two-step verification process, which will ask for extra information if there is an attempt to log in from a new device.

The discovery came after researchers from Hold Security found a young Russian hacker – referred to as "The Collector" – who was caught bragging about the "heist" in an online forum. Experts from Hold Security began talking to the hacker, expecting that he would ask for a high price for the extremely valuable and sensitive data. Bizarrely, the hacker asked for just 50 roubles (around 75 cents) for all of the data. Instead of big money, all he asked was that people post positive comments to his social media page.

Since the hacker released the information so readily, Hold Security fear the data could already be circulating around the online criminal underground.

Google told Tech Rader they are already looking into the issue and Mail.ru told Reuters that they are in the process of discovering the affected accounts. Microsoft, who own Hotmail, said they already have "security measures in place to detect account compromise." Yahoo has not yet responded."
 
There's another article here saying it may be a hoax or otherwise no reason to worry:

https://motherboard.vice.com/read/hacker-272-million-email-logins-no-panic?utm_source=howtogeek&utm_medium=email&utm_campaign=newsletter


Still, it's good practice to change passwords now and then.

...

Predictably, the story quickly made the rounds and got picked up by several media outlets. Some took it with more alarmism than others. “Millions of passwords stolen from Google and Yahoo users in major security breach,” titled the Daily Mail. Fellow British tabloid The Sun went with “Cyber security alert as expert warns millions of Gmail, Hotmail and Yahoo email accounts have been hacked.”

But there’s actually no reason to freak out whatsoever. First of all, there’s no evidence that these credentials were actually stolen from those email providers. In fact, Mail.ru, after a first check of a sample of the data, has found that none of those email and password combinations work, according to a spokesperson.

So what’s going on here? For starters, Hold Security itself admitted this is not really a data breach.

“It seems to be a collection of different breaches,” Alex Holden, the founder of Hold Security, told Motherboard.

Moreover, the hacker is clearly trying to inflate the number of credentials they have. Holden said the hacker passed his firm 1.17 billion credentials, but only 272 million were unique. And of those, only 42 million were credentials that the firm had never seen before. [Still quite a large number]

Holden added that almost none of the passwords were encrypted. Also, the fact that all this data, which could lead to more hacks and identity theft if legit, was being sold for only $1 makes makes it even more likely that these are credentials culled and accumulated from older data breaches. Would-be hackers routinely put lists like these together to sell them to other hackers or spammers and make an easy buck (quite literally in this case).

...

UPDATE, May 6, 11:06 a.m. ET: After analyzing 57 million Mail.ru credentials from the alleged breach, the Russian email provider concluded that 99.982% of those are “invalid,” according to a spokesperson.

“22.56% of the database entries analyzed contain email addresses that do not even exist, 64.27% contain wrong passwords, and some of the entries (0.74%) have no passwords whatsoever. The 12.42% remaining accounts had already been marked as suspicious by Mail.Ru (which means that our system considers those either hacked or controlled by a robot) and blocked,” the company wrote in a press release. “Only 0.018% of username/password combinations in the sample analyzed might have worked. We have already notified the affected users to change their passwords.”

In light of their analysis, Mail.ru concluded that the database found by Hold Security “is most likely a compilation of a few old data dumps,” and that “it is fair to assume that the sole purpose of issuing the report was to create media hype and draw the public attention to Holden’s cyber security business.”
 
My Gmail and Amazon accounts were compromised today. I have 2-way authentication so I warmly suggest everyone to activate/configure that option on your Email, Amazon etc.

I got an sms on my phone and I canceled login attempt.
They somehow managed anyway to get in both accounts because I´ve found that they´ve filtered emails from Amazon to go to Trash so I don´t see incoming security and purchase emails.
I managed just in time to log in Amazon (after changing pwd and stuff) to cancel purchase of Apple headphones. They already added new delivery addresses - one to Warsaw and another to Belin!

Change your pwds!

I´m trying to report all of this.
Gmail directs me to US government.
Now I´m trying to get in contact with Amazon.....
But I highly doubt that that will be any different and they will address me to police as well....
 
My Gmail and Amazon accounts were compromised today. I have 2-way authentication so I warmly suggest everyone to activate/configure that option on your Email, Amazon etc.

I got an sms on my phone and I canceled login attempt.
I didn't receive any email or sms. but the address in my amazon orders got encrypted on the online account. I suspect, encrypted address display is temporary measure to the some breach or suspected breach.
 
I didn't receive any email or sms.
You were hacked too? On both accounts or...?

I found this

So now I changed Gmail 2-steps verification to Authenticator app.
This Auth.app is registered on the server with my particular phone (I had to scan QR code upon app installation) and when you login on another device, it asks you for a code that my app generates.
Before that, also had 2-step verification where I had to verify login by swiping on my other device. So, I´m not sure how they hacked that...

I called Amazon DE, they blocked my account now and forwarded issue to security department.
They also confirmed that nothing was bought.


So bottom line, Google don´t care about your security breeches (all I found is to report abuse here), but Amazon at least tries to investigate.
 
You were hacked too? On both accounts or...?
No, I don't mean to say that. When I went to my orders page in the morning, it showed a Long encrypted address (starting with the word SIEGE:) instead of my real address. So my guess is, some breach happened at some layer of security forcing amazon to encrypt automatically. Now, every thing is back to normal.
I found this

So now I changed Gmail 2-steps verification to Authenticator app.
This Auth.app is registered on the server with my particular phone (I had to scan QR code upon app installation) and when you login on another device, it asks you for a code that my app generates.
Before that, also had 2-step verification where I had to verify login by swiping on my other device. So, I´m not sure how they hacked that...
I think hacking might not have happened at the individual customer level. probably at some server level. Probably that's why they encrypted the address temporarily until they fixed the issue. Any way, it is a guess, we will not know the exact details. 2-factor authentication is good, but that needs daily authentication.
I called Amazon DE, they blocked my account now and forwarded issue to security department.
They also confirmed that nothing was bought.

So bottom line, Google don´t care about your security breeches (all I found is to report abuse here), but Amazon at least tries to investigate.
True, google may not care, because many of their widely used services are free. But, amazon will lose big time, if that happens to them and the business model itself is somewhat different.
 
Back
Top Bottom