Hacker collects 272m email addresses and passwords, some from Gmail

The internet on Wednesday gave you another reminder that everyone has been hacked.

Hold Security, a Wisconsin-based security firm famous for obtaining troves of stolen data from the hacking underworld, announced that it had persuaded a fraudster to give it a database of 272-million unique email addresses along with the passwords consumers use to log in to websites. The escapade was detailed in a Reuters article.

It might sound bad, but it is also easily mitigated.

The passwords and email addresses, which include some from Gmail, Yahoo and Russia’s mail.ru service, aren’t necessarily the keys to millions of email accounts. Rather, they had been taken from various smaller, less secure websites where people use their email addresses along with a password to log in.

People who use different passwords for their email account and, say, Target.com, won’t be affected. But those who tend to use the same password for multiple sites as well as their email should change their email password.

“Some people use one key for everything in their house,” Hold Security founder Alex Holden says. “Some people have a huge set of keys that they use for each door individually.”

Holden said there is no way for consumers to check if their emails were included in his firm’s latest find. In 2014, when his firm tried to set up such a service after obtaining a billion hacked login credentials, his site crashed.

The hacker appears to have been largely targeting Russian users. Some 57-million of the email addresses were for the country’s largest email provider mail.ru, which claims 100-million monthly users. Around 40-million of the addresses were Yahoo Mail, 33-million Hotmail and 24-million for Google’s Gmail service.

In this case, the hacker had been bragging on internet chat forums that he had a trove of login credentials that he was trying to sell. Holden, who is fluent in Russian, said he wouldn’t pay for the data but would give him “likes” on various social media posts in exchange.

The hacker, who apparently is quite young, agreed. “We kind of call him the collector,” Holden says in a heavy Russian accent. “Eventually, almost everyone gets breached.”

© Guardian News & Media 2016


Danny Yadron