Google and Yahoo ‘investigating’ webmail breach that saw 272 millions logins stolen

GOOGLE AND YAHOO are investigating the major breach that saw 272 million webmail logins stolen this week.

In a statement given to the BBC, a Google spokesperson didn’t really have much to say but noted that the firm is looking into it.

“We are still investigating, so we don’t have a comment at this time, ” the spokesperson said.

Yahoo is also keeping a keen eye on things. “We’ve seen the reports and our team is reaching out to Hold Security to obtain the list of accounts now,” a spokesperson for the company said. “We’ll update going forward.”

Microsoft said on Wednesday that its webmail security will be able to detect if a users’ account has been compromised and that it would help those affected to regain sole access to their Hotmail accounts.

News of this major data breach first came via Reuters. It heard via Alex Holden, founder and chief information security officer of Hold Security – and the man who last year uncovered the largest data breach to date, that ‘hundreds of millions’ of usernames and passwords belonging to Gmail, Hotmail and Yahoo Mail users are being traded in Russia’s criminal underworld. 272 million records were stolen in total, and 42 million of these logins had never been leaked before.

Russia’s own Mail.ru email service accounts for the majority of hacked accounts at 57 million, but a large number also belong to Gmail, Hotmail and Yahoo Mail users.

Yahoo Mail credentials totaled 40 million, or 15 per cent of the haul, Hotmail accounted for 33 million, or 12 per cent, while 24 million, or nine per cent, belonged to Gmail account holder.

It wasn’t just email accounts that were targeted, according to the report, with Holden also discovering thousands of other stolen username and password combinations that appear to belong to employees of some of the largest US banking, manufacturing and retail companies.

Holden stumbled on the discovery after he saw a young Russian hacker – since nicknamed “The Collector” – bragging about the information haul in an online forum. He was asking for just 50 rubles – less than $1 – for the lot, but Holden was given the information for free after he said he’d big up the hacker online.

“This information is potent,” Holden said. “It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him. These credentials can be abused multiple times.”

Mail.ru spokeswoman Madina Tayupova told Reuters: “We are now checking whether any combinations of usernames/passwords match users’ emails and are still active.

“As soon as we have enough information we will warn the users who might have been affected,” she said, adding that Mail.ru’s initial checks found no live combinations of usernames and passwords that match existing emails.”

source