During the last week, the BBC has been reporting that several popular webmail providers are investigating a report that millions of their users’ login details are being shared online by a hacker. Google Gmail, Yahoo Mail, Microsoft Hotmail and Mail.ru are among the services said to have been affected. The security firm (Hold Security) that flagged the issue said that it believed many of the usernames and passwords involved had not been leaked before, however, it is not clear whether users’ accounts have actually been breached.
Hold Security said it had obtained a total of 272 million unique pairs of email addresses and unencrypted passwords from the hacker, 42.5 million of which the company had not seen in earlier leaks.
Even if many of the credentials are out of date or inaccurate they could still be abused, the company warned. Microsoft said it had measures in place to identify compromised accounts. “[We would require] additional information to verify the account owner and help them regain sole access,” said a spokesman. Google said: “We are still investigating, so we don’t have a comment at this time.” And Yahoo added: “We’ve seen the reports and our team is reaching out to Hold Security to obtain the list of accounts now. We’ll update going forward.”