When was the last time you changed your Gmail password?
It’s probably been a while, huh?
As if you needed yet another reason to change your password from time to time, here is one: a Russian hacker is offering passwords for tens of millions of email accounts.
Over 42 million new email accounts exposed
Investigators at the cyber security firm Hold Security, whose impressive CV includes the discovery of the Target and Adobe security breaches, have managed to obtain an enormous list containing the access details to some 272 million email accounts.
The details, which are not encrypted, include the users’ email addresses and passwords, allowing anyone, even those without any technical knowledge, to enter unimpeded into the victims’ email accounts.
Out of all the accounts the investigators have obtained, 57 million accounts belong to Mail.ru, the most popular email service in Russia; 40 million are from Yahoo! Mail; about 33 million accounts belong to Hotmail; and 24 million accounts belong to Gmail.
Out of these accounts, the investigators found that 42.5 million hacked accounts were new and have not been viewed before by the users. So while some of the email accounts are old and the users have since changed their passwords, many users are still in danger without even knowing it.
However, what seems most troubling is how easy and trivial it is for anyone to obtain this information. The Russian hacker who put the email account list up for sale was asking only 50 roubles for the entire list. That’s less than $1 for more than 272 million email addresses. However, the hacker backed down from his asking price after the investigators, who disguised their identity, wrote supportive posts about him in forums and gained his trust; he then gave them the list for free.
How can you protect yourself?
Assuming it wasn’t your account that was hacked this time, it is recommended to change your password every few months. However, the most effective step is to start using a Two Step Verification system. Once you activate this feature, any unrecognized login attempt – for example from a new computer, an unfamiliar smartphone or a different country – will not be possible without entering a code that you receive on your smartphone. This is a process that takes 1 minute, at most, and is highly recommended for all of your web services, including email, social networks and cloud storage.
Read more about protecting your accounts with free services like LogDog.