Alex Holden is one of the good guys. You’ve probably never heard of him, but he works for Hold Security, and spends his time in the dark corners of the internet, scouting out what data the hacking community has for sale.
Holden’s latest finding shows that a hacker was selling an extensive database containing the user names and passwords for more than a quarter of a million free email accounts, all for less than a dollar. Roughly 33 million of the passwords were for Hotmail accounts. Another 40 million were for Yahoo accounts, and 25 million were for Gmail accounts. There were plenty of others besides, but the major point here is that if you use a free email service, it’s possible your name is somewhere in the database.
Of course, given that Gmail alone has more than a billion users, this breach was relatively small as a percentage of total accounts, but in absolute terms, some 270 million user accounts and passwords is a massive breach by any definition.
If you use a free email service, even if it’s not one of the big names mentioned above, change your password immediately to be safe. Unfortunately, many people tend to reuse passwords, and if your email password is the same as the password to your bank account, failing to change it could set you up for huge financial pain down the road.
Most email services also offer two-factor authentication at this point, and you would be well served by activating that feature. Of course, it goes without saying that the password to access your bank account should be different from the one you use to log in to your email account, so the short answer is: change your password today, or put your financial information at risk!
We have updated this post, and it appears this isn’t as bad as the initial announcement suggested.