Massive data breach means it might be time to change your email passwords again

Gmail and Yahoo among those affected

Update: Google has told techradar that it's investigating the breach and has no comment for the time being. We've also contacted Microsoft and are waiting for a response.

Original story follows...

Reuters is reporting on a huge data breach involving "hundreds of millions" of hacked usernames and passwords, covering services such as Gmail, Yahoo, Hotmail and Russia's Mail.ru.

Apparently the stolen credentials are being traded around the Russian criminal underworld.

According to cybercrime expert Alex Holden, who has previously uncovered breaches at Adobe, JP Morgan and Target, the bulk of the swiped data was from Mail.ru, though some covered large banking, manufacturing and retail companies in the US.

At the time of writing it's not clear how genuine or how recent the username and password combinations are, but Holden called it a "potent" batch of information. He warned that the stolen credentials could be abused multiple times by hackers.

Get yourself protected

If you're on Gmail, Yahoo or Hotmail then the best course of action is to change your password. You should also set up two-step verification on all these services, which means you're asked for an extra mobile code as well as your password whenever you log in on a n new computer or device.

As yet there's been no official response from Yahoo or Google. A Microsoft spokesperson said stolen credentials was an unfortunate reality but that it had measures in place to detect account compromise (one of which is two-step verification).

Bizarrely enough, the hacker who was hawking round these credentials agreed to give them to Holden for free in return for some publicity. It's likely there's more news to come on the breach, and we'll post details as we get them.

iPhone lost or stolen? Here's how to track it down:

Tags