Researchers nab millions of stolen credentials for Gmail, Hotmail, Yahoo, banking
Source: Reuters
What's the going rate for usernames and passwords of 272.3 million stolen accounts, many of which are email accounts? A young Russian hacker wanted 50 rubles, which is less than $1, but ended up handing over the data after researchers posted positive comments about him in social media.
Many of the hundreds of millions of hacked usernames and passwords for email accounts and other websites were for Russia's Mail.ru, according to Reuters, but some Google, Yahoo and Microsoft email users were also affected.
Breakdown of stolen credentials
As for the breakdown, Alex Holden, founder and chief information security officer of Hold Security, told Reuters, 40 million, or 15% of the 272 million unique IDs, were Yahoo Mail credentials; 33 million, or 12%, were for Microsoft Hotmail accounts; 24 million, or 9%, were from Gmail.
Read more: http://www.computerworld.com/article/3065360/security/researchers-nab-millions-of-stolen-credentials-for-gmail-hotmail-yahoo-banking.html
https://www.yahoo.com/news/exclusive-big-data-breaches-found-major-email-services-130109231--finance.html
bemildred
(90,061 posts)
Hundreds of millions of hacked usernames and passwords for email accounts and other websites are being traded in Russia's criminal underworld, a security expert said.
The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia's most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users, said Alex Holden, founder and chief information security officer of Hold Security.
It is one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major U.S. banks and retailers two years ago.
Holden was previously instrumental in uncovering some of the world's biggest known data breaches, affecting tens of millions of users at Adobe Systems, JPMorgan and Target and exposing them to subsequent cyber crimes.
http://www.financialexpress.com/article/tech/big-data-breaches-found-at-major-email-services-like-google-yahoo-microsoft-mail-ru-expert/248592/
Kelvin Mace
(17,469 posts)
I bought my own domain and run my own mail server.
bemildred
(90,061 posts)
It's like leaving them out by the curb. The internet is a public space, and it should be approached that way. Your private life is private for a reason, because the intimate details of your life can be used against you, by criminals among others.
Kelvin Mace
(17,469 posts)
Email is ubiquitous.
But, this is why I believe in hard passwords and hard encryption. Also, avoiding hanging around places (FB, GMail, big name banks, etc.) that are huge targets of opportunity. Control as much of your own tech as you can.
Two people can keep a secret as long as one of them is dead.
bemildred
(90,061 posts)
Because it's cheap, theoretically anyway.
I've run email servers, using sendmail, which is a software atrocity.
So I do what I have to and wait for the inevitable denouement when they have to get reasonable about it.
I do online banking sometimes, although they have (correctly in my view) made it much more difficult in the name of security. It's like protecting your PIN, you don't put your ATM PIN on the web, or flash it around carelessly. If you are going to fool around on the web, you need to be circumspect, everybody treats it like their own private club.
I tried online bill-pay a few times, use it occasionally, but only if they don't get too demanding and have good security.
I like your approach if one must go there, own the servers, use hard encryption, and know who you are dealing with and their security arrangements too.
But I prefer to minimize the problem and I am fortunate to be able to.
Kelvin Mace
(17,469 posts)
Don't use the same password everywhere.
Geez, I don't know how many times I have to explain that to people.
What I like about owning my own domain is that I can set up a catch-all account, then make up burnable email addresses on the fly. At the end of this campaign season I can create a filter to delete all email sent to the address I gave out to political parties, and no matter how many times the address is shared or sold, I will never see anything after election season.
bemildred
(90,061 posts)
If you just want to talk on the web it's not so tricky.
Have you ever thought about how many individual passwords you would need to set up all the online accounts that you are requested to do?
My memory is not that good.
Kelvin Mace
(17,469 posts)
In that I maintain an encrypted file on a flash drive. My last count was 56 different passwords. The flash drive file password is a doozy with 31 characters. That one I remember; for the rest I have the file.
Weirdly, these days a hard copy stored anywhere away from your computer is probably way safer, since people let their browser remember so many passwords.
Oh, and I keep my browser on a flash drive, which is unplugged when not in use.
bemildred
(90,061 posts)
Not cheating is a lot of work. Doing it "right" is very inefficient, wastes lots of time. For a technology that is promoted as labor saving and efficient that is a big defect.
Have you ever thought about how much time you spend making your computer work "right"? How much time you have to spend, before you get to use it for whatever you bought it for?
But I decided to stop doing things online, other than talk. It's just a lot simpler and safer, and I can still talk all I want.
Kelvin Mace
(17,469 posts)
when I built my own. Also, loading the OS from scratch and not including all the crapware practically all computers come with these days does a hell of a lot for system stability.
bemildred
(90,061 posts)
I did that for about twenty years, 1985-2005, a new machine about every 3-5 years from scratch.
I preferred that to reconfiguring a commercial box to meet my needs, and I was very needy back then. Once DOS became Windows I just stopped using it and switched to FreeBSD. I wrote my own DOS keyboard drivers to get around Microsoft's interference before they prevented that sort of thing.
Now I run Ubuntu, mostly, behind NAT and a firewall. But I think the right people could still get in, if they really wanted to.
Kelvin Mace
(17,469 posts)
but my day job is Windows, Windows, Windows.
But, I rebel where I can. My keyboard is a 1990 vintage Northgate with the function keys on the left where god intended them to be.
bemildred
(90,061 posts)
I had one of those, I remember it, still keep a Logitech 101 around, they were robust. They have tolerance for a bit of coffee and a few crumbs.
That's part of why I was writing keyboard drivers, I wanted to make all those keys useful. And I did.
My wife uses Windows, has to, so I "support" her.
I have kept old Windows boxes around to do taxes on, with the commercial software, but it's got to the point where that is not worth the trouble either, the new editable/printable PDF forms make it pretty easy, did it all by hand on Ubuntu and LibreOffice this year, but my taxes are getting simpler these days.
greymouse
(872 posts)
bemildred
(90,061 posts)
as long as you send a copy, not the original.
NV Whino
(20,886 posts)
but don't I have to plan on running for president first?