[supposedly] 273 million passwords stolen from Google, Yahoo, Microsoft in major security breach
-
Here is one of dozens of articles - I didn't see a thread about this yet.
http://www.komando.com/happening-now/357041/top-story-273-million-passwords-stolen-from-google-yahoo-microsoft-in-major-security-breachTL;DR - Change your passwords. Just in case.
-
TL;DR: probably not a real thing
-
from the link posted
Cybersecurity experts estimate that The Collector has up to 1.7 billion email account passwords in his or her possession.
As it turns out, the Collector is trying to sell the personal details relating to an estimated 273 million email accounts.
Strangely, The Collector is asking for only $1 for the whole stash, but he or she is also asking for positive reviews to be posted on hacker forums.
$1 really? Sound fishy.
paranoid mode: DoS attack by social engineering ?
-
And nothing in HN first 60.
-
@cabrito there was one article that said Mail.RU looked at the three/thousand/million/billion email addresses and none of them had matching passwords.
-
The Reuters story lists one Alex Holden as the source, which makes this very similar to a story from two years ago. And another from a month before that.
-
@ben_lubar They are in conspiration !!! : tinfoilhat:
-
@MZH I'm from Wisconsin and I've never heard of Hold Security before. According to the internet archive, their website didn't even exist until the first supposed breakthrough.
-
@ben_lubar Brian Krebs vouched for Holden back in 2014, though:
Q: Who the heck is Alex Holden?
A: I’ve known Hold Security’s Founder Alex Holden for nearly seven years. Coincidentally, I initially met him in Las Vegas at the Black Hat security convention (where I am now). Alex is a talented and tireless researcher, as well as a forthright and honest guy. He is originally from Ukraine, and speaks/reads Russian and Ukrainian fluently. His research has been central to several of my big scoops over the past year, including the breach at Adobe that exposed tens of millions of customer records.
Q: Is this for real?
A: Alex isn’t keen on disclosing his methods, but I have seen his research and data firsthand and can say it’s definitely for real. Without spilling his secrets or methods, it is clear that he has a first-hand view on the day-to-day activities of some very active organized cybercrime networks and actors.
-
@LB_ said in [supposedly] 273 million passwords stolen from Google, Yahoo, Microsoft in major security breach:
Here is one of dozens of articles - I didn't see a thread about this yet.
hmm.... something's fishy here.... the details don't add up.....
@LB_ said in [supposedly] 273 million passwords stolen from Google, Yahoo, Microsoft in major security breach:
TL;DR - Change your passwords. Just in case.
it's been 2 years i suppose it is time for a longer password. Good bye sinatra lyrics, hello gilbert and sullivan lyrics.
-
Bad islamist terrorist hackers have stolen 20438540301 billion and eighty passwords. Check here if your account was amongst them: htttps://www.ipromiseiwontstealyourinformation.swearonmymothersgrave.ru
-
@accalia IAmTheVeryModel0fAModernWebDeveloper
-
@NedFodder something rather less well known of theirs.
:-P
or did i even give you the right composers? it would have been rather silly for me to give out my password hint, no?
-
I can't see how selling anything on a "hackers market" for $1 can be profitable. Surely the cost of sending money in an untraceable way, plus the risk of being scammed, plus the negative incentive of committing a felony all add up to something much higher than that?
-
@accalia said in [supposedly] 273 million passwords stolen from Google, Yahoo, Microsoft in major security breach:
it would have been rather silly for me to give out my password hint, no?
which we wouldn't have found had he been bound apprentice to a hunter.
-
So, looking around it seems like this wasn't a breach at all (no public statements from Google, Microsoft, or Yahoo) and more likely to be passwords from a phishing attack.
Here's a reddit thread on it:
https://www.reddit.com/r/xboxone/comments/4hwelz/psa_gmail_yahoo_microsoft_account_users_change/
-
@LB_ That's what I'm seeing too. Found an article at the guardian
-
TIL how fucking annoying it is to have to do the account recovery by SMS/email for every fucking Google and Microsoft account I possess, even though I already had super-strong passwords and entered them correctly.