Amid Data Breach, Google, Mail.ru and Yahoo Claim 98% of Leaked Credentials Bogus

Hundreds of millions of email login credentials -- affecting Gmail, Yahoo, Mail.ru (Russia's most popular email service), and Hotmail among other websites -- were being traded earlier this week in Russia's criminal underground. According to a report on Ars Technica, Google, Yahoo, Microsoft, and Mail.ru have now assured that the vast majority of leaked credentials are invalid. For instance, "More than 98% of the Google account credentials in this research turned out to be bogus," Google said. Dan Goodin reports: What has been clear all along to anyone paying attention is that the plaintext credentials recovered by Hold Security almost certainly didn't come from hacks on the e-mail providers. Instead, they most likely were collected by hackers who hit dozens, hundreds or thousands of third-party Web services over the years and dumped the account databases into a single list.

I believe them

[Opportunist]

Of course only if you follow their definition of "bogus". That is "using names, addresses and other personal information that isn't quite in sync with that of the person registering the account".

What we've learnt from this

[castus]

*) People's email credentials are being sold in large numbers on the black market
*) If you choose to buy some of these, it's not unlikely that you'll get many outdated or bogus credentials

Or in other words, planet Earth is still spinning around that big hydrogen ball

2 million valid credentials leaked?

[ljw1004]

Story1: Of the 100 million credentials leaked, 98% are bogus

Story2: 2 million valid credentials have been leaked

The second story still seems pretty serious to me...