You May Want To Change Your Email Password

More than 272 million email credentials were for sale on the Russian black market, including email accounts stolen from Gmail, Microsoft and Yahoo.

In news first reported by Reuters, hackers from Russia were able to obtain the private login information of millions of email accounts. Researchers from Hold Security uncovered the data breach after identifying a Russian hacker on an online forum who was boasting about his hacking success.

The database of stolen email information includes 57 million Mail.ru accounts, 24 million Gmail accounts, 33 million Microsoft accounts and 40 million Yahoo email accounts.

To put the scale of the cybercrime into perspective, Mail.ru only has 64 million monthly active users.

Hold Security asserts that thousands of the stolen emails belonged to employees from large American banks, manufacturing and retail companies.

Fortunately, Hold Security was able to recover the stolen information and has notified affected organizations, but it would still be advisable for email users to update their login information – and on a regularly basis.

In addition to the celebratory Cinco de Mayo, May 5 also marks the fourth annual World Password Day. 

World Password Day was originally created by Intel Security as a reminder for Internet users to protect their identities online by keeping their passwords updated, secret and unique. 

2 comments about "You May Want To Change Your Email Password".
Check to receive email when comments are posted.
  1. Brian Nakamoto from Tightrope Interactive, Inc., May 6, 2016 at 2:22 p.m.

    Also, use two-factor authentication a.k.a. two-step verification:
    Google – https://www.google.com/landing/2step/
    Microsoft – http://windows.microsoft.com/en-us/windows/two-step-verification-faq
    Yahoo! – https://help.yahoo.com/kb/SLN5013.html
    Apple – https://support.apple.com/en-us/HT204974

  2. Andrew Bonar from EmailExpert, May 8, 2016 at 11:29 a.m.

    Certainly two-factor authentication is a good idea and people should avail themselves of the added security it offers. The Rueters article hinted that data was stolen from stolen from Gmail, Microsoft and Yahoo but close reading would have shown the story was full of holes. They referred to the fact that "The Collector' the young 'kid' hawking the data had collected information from many different sources. As such this was data generally widely reported previously and was the result of previous well publicised and less well known data breaches. 

    If it reminds people to change passwords regularly great, but the missed opportunity is highlighting the fact these user/password combinations (which in one independent analysis found less tha 0.5% to be valid combinations)  came from websites breached other than the email providers websites, forums and other places. As such a reminder to not use the same password across multiple sites. More than that using the same password with a unique identifier for each site is also unwise, as when a trove such as this is made available with the same email address and multiple passwords from various websites, comparisons can be made and patterns found. 

Next story loading loading..