Millions of Gmail, Yahoo, Hotmail Email Accounts Being Traded in Russian Underworld (reuters.com)
Eric Auchard, reporting for Reuters (edited and condensed): Hundreds of millions of hacked usernames and passwords for email accounts and other websites are being traded in Russia's criminal underworld, a security expert told Reuters. The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia's most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users (Editor's note: the numbers are: 57M Mail.ru, 24M Google, 40M Yahoo, and 33M Hotmail), said Alex Holden, founder and chief information security officer of Hold Security. [...] The latest discovery came after Hold Security researchers found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials that ended up totaling 1.17 billion records.

Amir Efrati, a reporter with The Information, asks: "Industry seems to be failing at convincing email users to do 2-step verification. Why not require it?"
1. Don't log into websites with a Google, Microsoft, or Facebook account. This is patently stupid and only those who don't understand security will do this and claim "it's easy", or "it's convenient". You get what you have coming if you go this route.
2. Firewall email and other accounts. IOW, have an account for important personal things. Have an account for trivial things. Have a throwaway account for quick signups that are not important. With Facebook and other privacy-nightmare sites, use an email account that is used for nothing else. Don't populate the account with addresses. It's the account used to maintain the service.
3. Use 2FA where possible. Don't use the same passwords across accounts. This is a no-brainer, but people do it for convenience. Don't. It's stupid. Have a separate password for each service. It's really not difficult to remember passwords.