Slashdot Mirror


Amid Data Breach, Google, Mail.ru and Yahoo Claim 98% of Leaked Credentials Bogus (arstechnica.com)

Hundreds of millions of email login credentials -- affecting Gmail, Yahoo, Mail.ru (Russia's most popular email service), and Hotmail among other websites -- were being traded earlier this week in Russia's criminal underground. According to a report on Ars Technica, Google, Yahoo, Microsoft, and Mail.ru have now said that the vast majority of the leaked credentials are invalid. For instance, "More than 98% of the Google account credentials in this research turned out to be bogus," Google said. Dan Goodin reports: "What has been clear all along to anyone paying attention is that the plaintext credentials recovered by Hold Security almost certainly didn't come from hacks on the e-mail providers. Instead, they most likely were collected by hackers who hit dozens, hundreds or thousands of third-party Web services over the years and dumped the account databases into a single list."

13 of 25 comments

  1. My Eye by Anonymous Coward · · Score: 1

    This is self serving and hard to disprove. So go for it!

  2. 5 million+ Credentials Real! by CanEHdian · · Score: 1

    100% -/- 98% = 2%; 2% of 272,000,000 = 5,440,000 valid accounts & passwords. Getting a 2% success rate isn't so bad, is it?

    --
    When the copyright term is "forever minus a day", live every day like it's the last.
    1. Re:5 million+ Credentials Real! by sims+2 · · Score: 1

      Still seems rather low considering the number of people that use the same password everywhere.

      --
      Minimum threshold fixed. Thanks!
  3. 2% Milk by rmdingler · · Score: 1
    It's always the 2% that ruins it for the rest of us.

    The rabble rallied in the cafeteria because a kitchen server spread a rumor the milk was only 2% milk and 98% water and adulterants. Now we get only skim.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  4. I believe them by Opportunist · · Score: 3, Insightful

    Of course only if you follow their definition of "bogus". That is "using names, addresses and other personal information that isn't quite in sync with that of the person registering the account".

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:I believe them by shawn2772 · · Score: 1

      Sorry, I didn't know I'd give away company secrets, I thought that's common knowledge by now.

      What are you talking about?

    2. Re:I believe them by tlhIngan · · Score: 1

      Well, I mean the sale price of it was $1 for it. Yes, a dollar. Then it dropped to merely "recognition". Yes, all those accounts are yours if you simply give the guy credit.

      At this point it's basically too good to be true - the list is basically free and all the guy wants is credit? I don't know about you, but when it's too good to be true...

      Someone wants to make a name for themselves and just amalgamated a huge list probably from other public lists of breached emails and addresses.

  5. What we've learnt from this by castus · · Score: 3, Funny

    *) People's email credentials are being sold in large numbers on the black market
    *) If you choose to buy some of these, it's not unlikely that you'll get many outdated or bogus credentials

    Or in other words, planet Earth is still spinning around that big hydrogen ball

  6. 2 million valid credentials leaked? by ljw1004 · · Score: 2

    Story1: Of the 100 million credentials leaked, 98% are bogus

    Story2: 2 million valid credentials have been leaked

    The second story still seems pretty serious to me...

    1. Re:2 million valid credentials leaked? by castus · · Score: 1

      98% for gmail, 99.98% for mail.ru

      I wouldn't be surprised if you could do better than that by reusing passwords from other breaches
      Everyone didn't get the don't-reuse-your-password memo

  7. Hey... I have the same combination on my luggage by SeattleLawGuy · · Score: 1

    "More than 98% of the Google account credentials in this research turned out to be bogus," Google said.

    In unrelated news, security researchers discovered today that 'bogus' is the most common password in the universe. They theorize it may have something to do with accidentally allowing Keanu Reeves near a phone booth.

    --
    Real lawyers write in C++
  8. Re:Just got a warning from Google... by Motherfucking+Shit · · Score: 1

    I got one of those emails yesterday ("Someone has your password") for a Gmail account I've never heard of, where someone was trying to log in from overseas. Whoever created the Gmail had apparently registered my email address as the recovery account. There was a link in the email to disavow the Gmail account, so I did that. I found it a little disconcerting that someone was able to add my email address to their Gmail account without any notification or confirmation email being sent there.

    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  9. 'Why Ars ignored this breach' by Rexdude · · Score: 1

    ..because they couldn't be Ars-ed?

    --
    "..One hosts to look them up, one DNS to find them, and in the darkness BIND them."