Let’s take a break from food recalls and move on to data breaches with today’s latest: Millions of usernames and passwords for Hotmail, Yahoo Mail, Gmail, and Mail.ru have been stolen. I just changed my Gmail password as a precaution — and it doesn’t hurt to go through and change yours periodically in any case, and to make your email password different from banking and other sensitive account passwords. From the Reuters article:
After eliminating duplicates, Holden said, the cache contained nearly 57 million Mail.ru accounts – a big chunk of the 64 million monthly active email users Mail.ru said it had at the end of last year. It also included tens of millions of credentials for the world’s three big email providers, Gmail, Microsoft and Yahoo, plus hundreds of thousands of accounts at German and Chinese email providers.
Hackers know users cling to favourite passwords, resisting admonitions to change credentials regularly and make them more complex. It’s why attackers reuse old passwords found on one account to try to break into other accounts of the same user.
Another article says that the email addresses and passwords were actually harvested from third party websites rather than the email services themselves, and this largely affects those who use the same password for multiple sites. Either way, it’s a good reminder to update passwords and to make your passwords for banking and other sensitive sites different than others.