Less than two weeks ago, there was panic in the cyberspace. A Wisconsin cybersecurity company claim it persuaded a hacker to give up a huge database of emails and their logins.
According to Guardian UK, the passwords and email addresses, which include some from Gmail, Yahoo and Russia’s mail.ru service, aren’t necessarily the keys to millions of email accounts. Rather, they had been taken from various smaller, less secure websites where people use their email addresses along with a password to log in.
Before you start panicking, the company said people who use a different password for both their email account and, say, Konga.com, won’t be affected. But those who tend to use the same password for multiple sites as well as their email should change their email password.
But if you are among those folks who “use one key for everything in their house,” Hold Security founder Alex Holden says. “Some people have a huge set of keys that they use for each door individually.”
Holden said there is no way for consumers to check if their emails were included in his firm’s latest find. In 2014, when his firm tried to set up such a service after obtaining a billion hacked login credentials, his site crashed.
The hacker appears to have been largely targeting Russian users. Some 57m of the email addresses were for the country’s largest email provider mail.ru, which claims 100 million monthly users. Around 40m of the addresses were Yahoo Mail, 33m Hotmail and 24m for Google’s Gmail service.
In this case, the hacker had been bragging on internet chat forums that he had a treasure trove of login credentials that he was trying to sell. Holden, who is fluent in Russian, said he wouldn’t pay for the data but would give him “likes” on various social media posts in exchange.
As an advice, always follow simple rules of password handling and usage. Create different passwords for different accounts. You can use a note app such as Google Keep, to keep all passwords so that you can easily recall it anytime you need it.
