Email passwords for 272 million Google, Hotmail, and Yahoo accounts were stolen and are currently being traded by cybercriminals.
This gigantic database is one of the largest ever discovered.
Russian Cybercriminals Trading Stolen Email Passwords
Russian hackers, cybercriminals, and black market dealers are trading login details for more than 272 million Gmail, Hotmail, and Yahoo accounts on the black market.
Cybersecurity firm Hold Security says its research shows that most of the stolen login credentials are associated with Mail.ru, Russia’s most widely used email service.
However, according to Reuters, millions of Google Accounts, Yahoo, and Microsoft email accounts were also stolen, which affects Internet users the world over.
It’s one of the largest steals in the history of the web, and a lot of people are seriously worried. This huge stash of stolen login credentials has the potential to compromise the security, privacy, and financial integrity of millions of people.
Hold Security says that it discovered the database of Google and other email accounts on a forum for Russian hackers, where one person was boasting that he had acquired the details for over one billion email accounts.
However, Hold Security looked at the database itself to see if what the user was saying was true, and they found the real number was a whole lot smaller. Still, some organizations have been badly affected. The cache has about 57 million Mail.ru accounts, which is most of the mail service’s 64 million active email account users.
Stolen passwords can bring in a pretty penny on the dark web and the black market. The strange thing is that the Russian hacker asked for just 50 roubles for the whole batch. He ended up handing over the whole cache to Hold Security after they told him they would say positive things about him online, because they have a policy in place against buying stolen data.
The founder of Hold Security, Alex Holden, said that the information was powerful. He said it was just floating around on the dark web and that this individual was just willing to give it away to people who treated him well. He also said that the login credentials could be abused multiple times.
The stolen login credentials can be used to get into the Gmail accounts, but web users who have the same password for several different websites are more at risk. If they use the same password for their online banking, they could be in serious trouble.
Web users who are worried about the leak should probably change their passwords, begin using different passwords for different websites, and get enrolled in two-step verification for sites that support it.
At the moment, Mail.ru is looking at the password database, and they’re trying to see if the entries really do match up with the user accounts.
A Microsoft spokesperson said that there are several places on the Internet where leaked and stolen login information is posted, and that they take action to protect people when they come across them or people send them to Microsoft. He went on to say that Microsoft has great security measures in place to alert them to account compromise. They then require more info to double-check the identity of the account owner and help them get sole access back.
It could be that the stash is out of date and doesn’t pose too much of a threat at this point. However, it could be a new data pool, in which case the email accounts included in the stash could be at risk. Some reports to the BBC from Mail.ru suggest that, from a records sample, there may not be all that many live email-password combos in the data.
Steps to Take Now: What Should You Do?
Change your password
First of all, change your password now. If you reuse that password elsewhere on the Internet, change it wherever you use it. A hacker or unscrupulous person might investigate you and try to use that password at your PayPal account, online banking destination, or business email account. If you use the same email address and password on PayPal, for instance, you should definitely change your password there, too.
You’ve got to protect your online identity and data first. Safeguard your information on whatever sensitive sites you’re using. So, look at online banking, Google Accounts, Yahoo, Dropbox, Apple iCloud, Facebook, etc. In a nutshell, it’s any website where you talk to people or leave important data. Just think how much information Google has on you. It’s not only your email. They have information going back a long, long time.
Lock down your Gmail account
Keeping your Gmail account protected is probably the most important thing to do online. Your email archive can “draw a picture of your life online,” and that will help a cybercriminal find out what other accounts you use. They might even be able to get into them from your email inbox information alone. It’s crucial you’re 100% sure that account hasn’t been compromised. So, change your password right now.
Make sure your password is hard to crack, too. Use uppercase and lowercase letters, numbers, and special characters.
Get started with “two-factor” or “two-step” verification at any site you can
A lot of sites, including Google Accounts, let you go a step beyond the password, with a process known as “two-factor” verification. In addition to your main password, you’ll have to put in a special code. This automatically generated code will go straight to your smartphone.
Next, repeat this process with any site where you’ve got financial information
Begin with your bank and brokerage accounts. Go to any sites that have direct access to your money.
Lock up your credit card details online
Now, go to credit card company websites and any retailers where you’ve got stored credit card information and change all your information. Even if you’re protected against fraud, it is still difficult to deal with, and you won’t want to go through it.