Ramblings of an old Doc

 

Gmail, Yahoo, Hotmail and Mail.ru and perhaps more, have leaked usernames, email addresses and unencrypted passwords.

The security firm that discovered the breach, Hold Security, believes that many of the accounts involved in this leak have not been previously leaked. According to its analysis there are over 272 million unique email and unencrypted password pairs, where 42.5 million have not been previously leaked.

Hold Security was able to get a hold of the data for free. The hacker originally asked for 50 roubles (equating to around 75 cents or 52 pence) for the entire list. Instead, an agreement was reached to provide the data for free if the firm was to post positive comments about the hacker in a forum.

A breakdown of the major services affected showed the scale of the leak:

  • 57 million accounts for Mail.ru
  • 40 million for Yahoo Mail
  • 33 million for Hotmail
  • 24 million for Gmail

The concern of this leak does not lay solely with people being able to gain access to one's email account, but also that these details could be used to send bulk phishing emails.” (emphasis mine) – Neowin

I’d get busy changing passwords, and be extremely careful about emails with attachments, even from people you know.

Send a return email asking whether they sent you an email with an attachment.

Source:

http://www.neowin.net/news/millions-of-accounts-for-webmail-providers-leaked-gmail-yahoo-mail-hotmail-and-more


Comments (Page 1)
on May 04, 2016

Not good. Not good at all. 

on May 04, 2016

Changed my password. Good lookin' out Doc. 

on May 04, 2016

Thanks for the warning Doc !

on May 04, 2016

Why are there so many bastards in the world intent on causing harm, ripping people off?  Seems to me that the internet is getting less user friendly by the minute.

A few trial-less 'blunt knife' castrations might act as a hacker deterrent.... and if they're women, cut off a couple of 'somethings' they'd rather not lose.

Perhaps for more severe cases, a few drawn out and painful executions is the way to go.

Put bluntly, the world has gone way too soft on crime.

And another for good measure.

on May 04, 2016

starkers

Why are there so many bastards in the world intent on causing harm, ripping people off?

Because there are people lacking in compassion for whom the ends justify the means.

Because there are those who would rather steal than work, no matter whom they harm while doing it.

on May 04, 2016

I'll add my thanks to you, Dr.

These hackers are the type who need to be exposed with all the capabilities that exist.

 

on May 04, 2016

DrJBHL


Quoting starkers,

Why are there so many bastards in the world intent on causing harm, ripping people off?



Because there are people lacking in compassion for whom the ends justify the means.

Because there are those who would rather steal than work, no matter whom they harm while doing it.

Yeah, I know, but it's not just the lazy bastards who'd rather steal than earn a crust, it's also those who hack primarily to cause harm, pain and frustration.  The cash 'reward' at the end actually disinterests them.  No, their 'reward' is derived more from the damage done, and those are the worst kind of hacker.  Not that I condone it, but stealing does have a point, in that there is an actual gain, but the senseless hacking that causes nothing but harm is beyond understanding.  No person in their right mind would do it, so one can only conclude that those who do it are bitter and twisted individuals with sick minds.... if you could call what's between their ears a mind.

Now I'm not normally an advocate of violence, but the world has become far too soft on criminals and something needs to be done, and I'm sick to the back teeth with true crime being inadequately dealt with while petty misdemeanors are more harshly punished.

on May 04, 2016

The last time this happened, it was an old set of user/passwords, I'm curious as to whether this too is some mysterious old list that for some reason exists in the first place...

on May 04, 2016

Thanks for heads up Doc. 

on May 04, 2016

Might explain the recent rash of Locky-bearing emails on my gmail account.

Thanks for the heads up, Doc.

on May 05, 2016

I know I know.....I'm just the doomsayer but when information like this is finally made public it is unfortunately very late in the "information theft" game.  Of course passwords should be changed etc. but in my opinion one should always perform actions connected to the internet assuming that one's information (ie. accounts and all relevant information) are likely never private in the first place.

In what I do (dealing with corporate network/systems infrastructure) it has become painfully obvious that the term 'security' too often means 'locking the barn door AFTER the horse has escaped' and/or refers to Band-Aid fixes to issues that really have no solution in the first place.  The home user?  Is even more fucked....  Why do I say that?   When one of the nation's premier ISPs has (just as a small example) their DNS servers poisoned/hacked several times a year sometimes for longer periods of time (these are the servers that most users rely on to send/point their internet requests to the correct places) my faith in an even relatively safe internet landscape is non-existent.

 I wish I felt less pessimistic about the 'internet landscape' but my experience has taught me.......if you do anything (and I mean anything) on the internet at all.....understand that someone somewhere is doing it with you.  Internet security is a sick joke.....

 

Having said all that......thanks again Doc for always looking out for this community.  The world needs more of you! 

on May 05, 2016

Monk, you're right...the fact these leaks/hacks, etc. aren't revealed immediately is criminal, or would be if there were laws governing it. G*d forbid they ever do that: It might actually help prevent widespread damage.

Like the security weak spots in browsers, etc. "We'll give you a month before we make it public." ...and screw the people whose identities, etc. are stolen in the meantime. 

Don't get me started. Grrrr.

on May 05, 2016

DrJBHL

Don't get me started. Grrrr.

C'mon, Doc, you're already in 1st gear and raring to go... so yeah, tell us how you really feel.

on May 06, 2016

starkers


Quoting DrJBHL,

Don't get me started. Grrrr.



C'mon, Doc, you're already in 1st gear and raring to go... so yeah, tell us how you really feel.

 

I second, all in favor say "aye." 

on May 06, 2016

Aye!!  .... And in triplicate, Aye, Aye, Aye.
