Slashdot Mirror

← Back to Stories (view on slashdot.org)

Millions of Gmail, Yahoo, Hotmail Email Accounts Being Traded in Russian Underworld (reuters.com)

Posted by msmash on from the big-data-breach dept.

Eric Auchard, reporting for Reuters (edited and condensed): Hundreds of millions of hacked usernames and passwords for email accounts and other websites are being traded in Russia's criminal underworld, a security expert told Reuters. The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia's most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users (Editor's note: the numbers are: 57M Mail.ru, 24M Google, 40M Yahoo, and 33M Hotmail), said Alex Holden, founder and chief information security officer of Hold Security. [...] The latest discovery came after Hold Security researchers found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials that ended up totaling 1.17 billion records.Amir Efrati, a reporter with The Information, asks: "Industry seems to be failing at convince email users to do 2-step verification. Why not require it?"

3 of 73 comments (clear)

  1. Russians by 110010001000 · · Score: 4, Funny

    Kennedy should have gotten rid of them when he had the chance! They are reading our Hotmail!

  2. Run your own email server by jfdavis668 · · Score: 4, Funny

    Follow Hillary Clinton's example, and just run your own server.

  3. Federated authentication by mi · · Score: 5, Insightful

    Two-Step Authentication

    No guarantee. A lot can be obtained from third-party sites, to which people login using their existing accounts. It is not only Slashdot, which allows you to login with your Yahoo! or Facebook credentials...

    When you use this method on a web-site, you get a notice, that you authorize the site to "access your contacts" and some other information. This is easy for the sites to set up and they like it because they want to encourage people to comment — it increases "pageviews". The site itself may not be abusing this access (some operators may not even realize, they have it).

    Unfortunately, not all sites are good at guarding it — this is how your entire Yahoo! addressbook, for example, may end up in the criminals' possession without them ever actually accessing your mailbox. Having such addressbooks, spammers can (and do!) generate customized spam in which you appear to be the sender for each of your contacts and which opens with the salutation you used to identify the contact. Such spams, obviously, have a far higher chances of being read by the victims — and the links in them are much more likely to be clicked.

    --
    In Soviet Washington the swamp drains you.