According to this report from Reuters, Russian hackers have access to 250 million user names and passwords belonging to users of the major email services: Yahoo Mail, Hotmail and Gmail, among others. The report went on to say that these details are now being circulated on the dark web. This simply means it’s time to strengthen your passwords without delay. “The latest discovery came after Hold Security researchers found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials that ended up totalling 1.17 billion records.
After eliminating duplicates, Holden said, the cache contained nearly 57 million Mail.ru accounts – a big chunk of the 64 million monthly active email users Mail.ru said it had at the end of last year. It also included tens of millions of credentials for the world’s three big email providers, Gmail, Microsoft and Yahoo, plus hundreds of thousands of accounts at German and Chinese email providers”, which means that Mail.ru has been the hardest hit.
The more amazing part of the report is that these accounts are sold for less than a dollar (50 rubles) in the Russian underground. As passwords get hacked easily, top companies are embracing the idea of eliminating the password and replacing it with biometrics and other forms of security. MasterCard, for example, announced its intention to replace the password as you know it with selfies and fingerprints. Major mail services like Gmail and Yahoo are mulling the idea for their users as well. In the meantime, there are steps you can take to protect yourself online, as no mail service is exempt from this. Just before I bring those tips to you: it is estimated that Yahoo Mail credentials numbered 40 million, or 15 percent of the 272 million unique IDs discovered. Meanwhile, 33 million, or 12 percent, were Microsoft Hotmail accounts and 9 percent, or nearly 24 million, were Gmail.
- Be careful how you use public Wi-Fi
- Take advantage of two-factor authentication
- Constantly update your password (there are rules for a strong password, such as using upper-case letters and including symbols)
- Only use trusted email providers
- Be careful how you share your device (mobile or PC) with people
- Your password should always be confidential
Please note: Most of the breaches were not the result of a breach of your favourite email provider's servers. As Google notes in this blog post, users have a big role to play in protecting themselves online.