- Alex Holden, founder and chief information security officer of Hold Security, found the leak. He is also the man who discovered the largest data breach of all time.
- Holden found the leak after he saw a young Russian hacker (now known as ‘the collector’) bragging about the information haul in an online forum and offering access for under $1 (around 50p), or free if Holden talked about him on some forums.
- Stolen online account credentials are to blame for 22 percent of big data breaches
- If you don’t change your password often then you’re an idiot
- If you use the same password for important websites you’re an idiot
- Holden’s company have informed the relevant companies about the breach, BUT that doesn’t mean you’re safe: if your email/password is the same on other websites, you risk unauthorised access.
“This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him,”
“These credentials can be abused multiple times,” Holden said.
Mail.ru spokeswoman Madina Tayupova told Reuters:
“We are now checking whether any combinations of usernames/passwords match users’ emails and are still active.
“As soon as we have enough information we will warn the users who might have been affected,” she said, adding that Mail.ru’s initial checks found no live combinations of usernames and passwords that match existing emails.
A Microsoft spokesman said:
“Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.”
Google and Yahoo have yet to respond, but are most likely working on it.
What should I do?
- Change your passwords
- Ensure your passwords are not the same for your important accounts
- Turn on Two-Factor Authentication for your important websites
- Check to see how secure your password is
- Install a password manager (1Password or LastPass), which will generate extremely secure passwords
- Learn how to avoid scammers