Support NeoGAF

[xkramz]

Tens of millions of usernames and passwords for Gmail, Hotmail and Yahoo email accounts have been hacked and details traded online, according to a security expert.

Data from around 97 million accounts have been stolen as part of a huge cyber attack that is thought to affect around 272.3 million users worldwide, said Alex Holden, founder and chief information security officer of Hold Security.

In one of the biggest data breaches in years, the information is being traded in Russia’s criminal underworld for next to nothing, it has been claimed.

It is thought that credentials from around 40 million Yahoo Mail accounts, 33 million Hotmail accounts and 24 million Gmail accounts have been accessed.
But the majority of the usernames stolen are from Russia’s most popular email service Mail.ru

A Microsoft spokesman said stolen online credentials was an unfortunate reality. ‘Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.’


Yahoo and Google did not respond to requests for comment.

A Mail.ru spokeswoman said it was checking whether the email combinations match those still actively in use.


Hack my penis pics if old.






Source

 

[lastplayed]

Can they get around the 2 step verification?

 

[thecosmicfly]

So you're saying my AOL account is safe?

 

[Flandy]

I use all 3 of those

 

[NCR Redslayer]

What do i do now

 

[Fat4all]

Lovely.

 

[Stinkles]

Enjoy my hgtv contest entries suckaz

 

[Suikoguy]

Eh, this could mean any number of things.

 

[Syriel]

Enjoy my hgtv contest entries suckaz

BRB, gotta go play some Haloz as Stinkles.

 

[~Kinggi~]

uh how do i know if my account has been hacked?

 

[Bare Grills]

Gonna have to change my passwords again

 

[Cow Mengde]

Great, do they have my password or something? My gmail and my youtube account is the same.

 

[Fat4all]

At this point, everyone's personal information should be posted online, but the only way you'll be able to verify anything is to go into an internet store and sign for it in person.

Like a DMV for the internet.

Bring in three different identifications to sign up for Netflix.

 

[AlexBasch]

I also use two-step, it should be safe...right?

 

[daveo42]

My Yahoo account is a wasteland of spam and ads. I haven't used that for anything even remotely sensitive or useful in several years.
I think I have a Hotmail account for spam as well?
Gmail has 2-step implemented there, so I'm fine unless they somehow can get around that.

 

[Az987]

Is this the story about some Russian kid handing it over to a security firm for free but only if they liked his Facebook page?

 

[TheSaddestSort]

Hope 2-step is enough to keep them out ...

 

[Admiral Woofington]

Taking your email means you're basically fucked, if they figure out your information they can ask for any major shit to change password.

 

[SchrodingerC]

Well great, now I have to change my passwords yet again.

 

[JordanN]

What do i do now

Back to using pigeons.

 

[TheAbsolution]

And this is why two step is my best friend.

 

[Lima]

Well great, now I have to change my passwords yet again.

Which is like a one minute process with a password manager or in the case of 1password and lastpass they have automatic password changes so it takes one click.

 

[Agent Cooper]

Changed my password and made sure my two-step was a still a thing. (It is.)

Any way we can find out if our data personally was taken yet?

 

[cameron]

Data from around 97 million accounts have been stolen as part of a huge cyber attack that is thought to affect around 272.3 million users worldwide, said Alex Holden, founder and chief information security officer of Hold Security.

What kind of yuge cyber attack? Malware and phishing?

 

[Conkersbadfurday]

Wondering what the odds are that I've been hit

Ugh. Should just go change the important gmail account emails.

 

[Walter White Walker]

It sounds like this mostly affects Russians?

 

[Futureman]

is this a reliable source? The ad banner covers up their name so they don't know how to code a website, not sure if I trust this news that isn't reported anywhere else.

 

[Dishwalla]

Well my Gmail hasn't had a device log into it that it doesn't recognize, just checked and the only devices that have signed on recently are my laptop and phone. But I do have 2 step verification on, so theoretically I would be notified if someone did try and access my account.

 

[cameron]

is this a reliable source? The ad banner covers up their name so they don't know how to code a website, not sure if I trust this news that isn't reported anywhere else.

Reuters is also reporting: "Exclusive: Big data breaches found at major email services - expert"

 

[Cow Mengde]

Which is like a one minute process with a password manager or in the case of 1password and lastpass they have automatic password changes so it takes one click.

Can these tools be hacked?

 

[Linkyn]

Meh. They can't really do anything unless they get to my university mail, as well. At any rate, changed the password, just for good measure.

 

[Slayven]

Where were they stolen from, the article is terrible

 

[Zeyphersan]

Just turned 2 step on for gmail, just in case

 

[Genryu]

I'm glad I have two-step on for absolutely anything that supports it.

 

[spindashing]

Two step is the best there is, the best there was, and the best there ever will be.

 

[Trevelyan]

I've been dealing with the repercussions of this at work, unfortunately =(

It really fucking sucks.

 

[QuiteWhittle]

All of my passwords are unique and I see no suspicious activity on any accounts but I changed them anyway.

 

[The Albatross]

Can these tools be hacked?

Not really. Can't explain here but search for any password manager threads here. It's the first question everybody asks and there's always very complex answers, many times from me

 

[davidwhangchoi]

Two step is the best there is, the best there was, and the best there ever will be.

until you get heartbreak kid.

 

[Cipherr]

2 step.

Get wrecked.

 

[daveo42]

I think I'll let me yahoo account die at this point if it's been breached. The password reset process is a nightmare if you ever linked it to AT&T's service. Change a password and it changes on one end but not the other. Constant redirects for password changes that go nowhere. I'd love nothing more than to nuke that account and everything attached to.

 

[User1608]

Well, done changing my passwords. Already had the two-step verification stuff just in case too.

 

[kaname-san]

Russia is kicking our asses in cyber

 

[KingBroly]

I think I have 2-step on my Hotmail account...dunno about Gmail, since I barely use it.

I don't really wanna change my Hotmail password again, since I just changed it a month ago.

 

[7DollarHagane]

Everyone should know that these hacking groups have more passwords and logins than they have time to use. Security online will always be paper thin and changing your password or freaking out about fraud purchases doesn't make any sense.

The cost of fraud is already factored into the things you buy. It's basically like shoplifting on a bigger scale now. The retailers, banks and credit card companies plan to lose such amount due to fraud and make it up in fees or interest or higher cost of goods.

There's no point freaking out about this stuff.

 

[Altazor]

changed password and added 2-step, just in case.

 

[bananafactory]

Well....shit

If I use the same email + password combo for every single site and service I'm registered on, does that mean I should change all of them?

 

[MIMIC]

Considering that I wasn't even able to get into MY OWN FUCKING ACCOUNT when I logged into a computer at Kinkos, hopefully it can keep someone else out.

 

[Nowise10]

Huh. Yesterday in my Hotmail email I received an email from GameStop saying my password was successfully changed. But that was the only email, not previous one saying to confirm a new password, or to click a new link to set a new password. just the email saying It was changed successfully.

Snooped around in my "Deleted" emails to see if something fishy was going on, and an email was deleted from my inbox like 30 minutes prior to the GameStop one, from an unknown sender, with no subject and no contents.

Either way I changed my password, I don't know what happened or went on. I have two-step on so I didn't really think someone got into it.

 

[Fat4all]

Well....shit

If I use the same email + password combo for every single site and service I'm registered on, does that mean I should change all of them?

Yes.

Also, that's a bad idea in general.

That's something my mother would do.