Security firm “Holding Security” reported on May 4th that it had possession of a massive database (273 Million) of usernames and passwords from the world’s major email providers, including Mail.ru, Yahoo, Gmail, and Outlook. Since clients may read about this and worry, Neoscope wanted to address your concerns and use this opportunity to remind you of best password practices, as well as some advanced security practices available to you on most of the email providers reported as allegedly breached.

First, a few of the reported data points on this breach:

  • Of the 273 Million, Mail.ru had the largest cache of accounts, which after deduplication amounted to just over 50 million addresses.
  • Many experts believe none of the major email providers in the US (Yahoo, Outlook, Hotmail, and Gmail) store usernames and passwords in a clear, readable form. Thus any hacker would have had to steal databases of password hashes and then crack them to reveal the true passwords. This process is slow, painful, and time-consuming work. Long and complex passwords (14 – 24 characters with complexity) become very difficult to crack.

Summary: it is unlikely that anyone with a strong password would have had it compromised and stolen in this breach.

Password Advice:

  1. To be 100% secure, log into your public email accounts and change your password to something long and strong. For a 3-minute tutorial on “picking proper passwords,” watch this password training video on YouTube: https://www.youtube.com/watch?v=pMPhBEoVulQ
  2. Each of these public email providers offers strong two-factor authentication, which sends a text message to your phone or a one-time-use code to an alternate email account. This largely eliminates the ability for hackers to breach passwords and log into your account. Set this up today for your account(s).
  3. Use this as the impetus to download and start using a free password manager so that you can use long, random, complex passwords for all of your online accounts. Dashlane and LastPass are two recommended password managers that are free for personal use.

http://www.reuters.com/article/us-cyber-passwords-idUSKCN0XV1I6

https://nakedsecurity.sophos.com/2016/05/05/more-than-250-million-email-accounts-breached-maybe/