Breach Brief – Gmail, Hotmail, Yahoo Email

Breach Brief – Gmail, Hotmail, Yahoo Email

gmailIts likely that you have either a Gmail, Hotmail or Yahoo email account. Its also likely that it has been compromised.  According to Reuters over 270 million stolen Yahoo! Mail, Gmail, Hotmail and other email account credentials are floating around in Russia’s cyber criminal underground. Email credentials are your username and password.

These stolen email credentials were discovered by Hold Security. Researchers discovered a Russian hacker going by the name of “the Collector,” saying that he was ready to give away the credentials.  “The Collector” offered the credentials to cybercrime expert Alex Holden for free just for the publicity. Holden previously uncovered breaches at Adobe, JP Morgan and Target.

The total haul of the theft was estimated to be over one billion records but the security company eliminated duplicates lowering the total number of  credentials to just 272.3 million.

Yahoo mailMost of the credentials were associated with the Mail.ru service. Email credentials from Germany and China were also found among the stash.  However a significant number belonged to U.S. email providers. The remaining stolen credentials breakdown as follows, Yahoo Mail, 40 million credentials stolen; Microsoft Hotmail, 33 million; and Gmail 24 million. It’s not known if any of these accounts have actually been breached.

The most frightening detail of this breach is that many of the emails are linked to employees of some of the largest U.S. banking, manufacturing, and retail companies. Hold Security has informed the affected companies and organizations.

Hotmail-logoIf you have a Gmail, Yahoo or Hotmail account you should immediately change your password. Experts also recommend that you set up two-step verification on your email accounts. Gmail, Yahoo and Hotmail all offer two factor authentication that sends a second password to your smartphone when you sign in.

Officials at Yahoo and Google have yet to issue a statement about the breach. Microsoft said through a spokesperson that the stolen credentials are an unfortunate reality but that it had measures in place to detect account compromise.