Emails have been hacked and your passwords aren't safe. And while a data breach seems to happen every month or so, this one is for real. Seriously, this particular hack is going to take down all your accounts, and your important information is going to be in the hands of Russian mobsters by the end of the afternoon.
Now that tensions have been relieved with a comedic tone, this data breach is actually pretty serious. As Reuters reported earlier this morning, it is one of the largest breaches since US banks and retailers dropped the online security ball two years ago. A hacker in Russia stole over 272 million email accounts. Google, Yahoo and Hotmail were among those hacked in addition to Mail.ru, Russia's most popular emailing service.
Alex Holden, founder and chief information security officer of Hold Security, was the source of the information about the data breach. He stated that the discovery came after Hold Security employees found a young Russian hacker bragging in an online forum that he had stolen the IDs and passwords of billions of email users around the world. After ruling out duplicates and inactive accounts, it was decided that approximately 272 million users were at risk.
“This information is potent. It is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him,” said Holden, the former chief security officer at R.W. Baird. “These credentials can be abused multiple times.”
The strangest thing about this breach, as Holden mentioned, is the immaturity of the hacker in question. Not only is he deemed a “young Russian hacker,” but he was also asking for 50 roubles for every single account. That is less than a single dollar. Even stranger, the young Russian hacker ended up lowering his price from “50 roubles” to “favorable comments from Hold Security on reputable hacker forums.” Yes, this hacker traded his bounty for a better reputation. And you would think a nod from Reuters would be enough for him.
Fortunately, most of these accounts can be secured by changing passwords. The damage should be minimal, and no more than a few identity thieves will come away with anything more than a few bucks. Mail.ru, the biggest loser in this situation, is even keeping its cool under pressure.
“We are now checking whether any combinations of usernames/passwords match users' e-mails and are still active,” said a representative to Reuters.