The massive email hack ... or was it?
By Digital News Asia May 10, 2016
- Security firm claims hack of major email services
- But most of the accounts are inactive or bogus
IT was panic stations last week after a not particularly well known security firm revealed that 272 million email accounts belonging to users of Gmail, Microsoft, Yahoo and other services had been exposed by a Russian hacker.
Even the usually sombre news services got into the action. Big data breaches found at major email services, warned Reuters, which broke the alarming news.
Within hours, the Internet had gone aflame with rehashed versions of the same news item. According to the security report, the list included logins to almost 23 million Gmail accounts.
It has now become clear that the emails recovered by Hold Security did not come directly from any hacks on the email providers. It appears as if they were collected by hackers over the years from other websites and merged into a single list.
“More than 98% of the Google account credentials in this research turned out to be bogus,” a Google representative stated. “As we always do in this type of situation, we increased the level of login protection for users that may have been affected.”
A similar story emerges from Mail.ru, Russia’s largest email service, which said that more than 99.98% of the accounts turned out to be invalid.
Yahoo Mail said, “Our security team has investigated and we don’t believe there is any significant risk to our users based on the claims shared with the press.”
Microsoft Hotmail has yet to comment.
Hold Security said the hacker had given it the list in return for mention on social media sites. This should have made it clear that it was not a professional operation and the hacker was more interested in public recognition.
Hold Security is now under fire for the way in which it went about publicising the purported hack. The normal industry custom is to approach the affected parties directly without publicity and get direct confirmation.
Instead, Hold Security chose to go public directly with the venerable Reuters as an accomplice. Even at the time of writing this article, Hold Security has not acknowledged that most of the emails in this ‘hack’ are bogus, inactive or invalid.
The company is still patting itself on the back for setting a new ‘record’ in retrieving stolen account details.
What the Hillary Clinton email issue tells us about mobile security
Getting smart about email compliance
Sony hack not an anomaly: CyberArk on what’s expected in 2015
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.