Users are hesitant to change let alone have unique passwords for all online accounts.
Advertisement
Security researchers apparently came across a Russian hacker that was bragging about stealing a huge amount of account information, claiming to have over 1 billion accounts, according to the security researchers.
Russian email provider Mail.ru is casting doubt on the authenticity of the 272 million “stolen” email credentials reported by Reuters on Thursday, May 5.
Emails have been hacked and your passwords aren’t safe.
The credentials were recovered from what Holden said was a “kid from a small town in Russia”.
Alex Holden, Hold Security’s founder, also clarified that the data appeared to be a “collection of different breaches”. A full 12.4 percent of the remaining accounts had already been marked as suspicious and blocked by Mail.ru, the company said, meaning that its system considers them either hacked or controlled by a robot.
“The confirmations that we’re now seeing from Mail.ru confirm what was obvious from the outset – the data is fake”, said Troy Hunt, a security expert and creator of the site Have I Been Pwned?
Google and Yahoo did not immediately respond to requests for comment. “We are now checking, whether any combinations of usernames/passwords match users’ e-mails and are still active”, the company told Reuters.
A Microsoft spokesman said stolen online credentials were an unfortunate reality in the digital age. Additionally, there were also thousands of usernames and passwords reportedly belonging to USA banking, manufacturing, and retail employees.
His firm studies cyber threats playing out in the forums and chatrooms that make up the criminal underground, speaking to hackers in their native languages while developing profiles of individual criminals. Hold Security contacted the affected email providers. Because the hacker vacuumed up data from many sources, researchers have dubbed him “The Collector”.
Advertisement
Data breaches are often fabricated, Hunt explained, frequently by someone who hopes either to sell the data or to build a reputation based on having allegedly stolen it.
