Microsoft, Yahoo, Google, and a few Chinese email providers are part of a larger hack of 272 million email accounts, offered to Alex Holden of Hold Security Firm for the sum of 50 rubles, or less than $1. Holden reports that while he was browsing a Russian hacker forum, a user calling himself “the Collector” bragged that he was ready to give away the credentials, which totaled 1.17 billion records. Holden declined the offer, but was given the data in exchange for a positive review on a hacker forum.
“This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him. These credentials can be abused multiple times,” said Holden.
Holden is well known for being pivotal in exposing attacks on users at Adobe Systems, JPMorgan and Target. Once the data was in hand, he and his firm deleted duplicate accounts, reducing the number of accounts to just 272.3 million. Mail.ru, Russia’s biggest email provider with 64 million users, had 57 million passwords exposed in the hack. Yahoo followed with 40 million accounts exposed, Microsoft with 33 million, and Google with 24 million. When asked for statements, only Microsoft has responded so far, emphasizing its 2-step verification.
“Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access,”
That said, it might be a good idea to change your password if you want to be on the safe side, and to make sure that you have two-step verification turned on.