Millions of emails stolen and sold for 1 euro: however many passwords do not work

A few days ago we reported the case of the stolen millions of email accounts from a Russian hacker and resold to a figure which we can define as negligible. The extent of the phenomenon seemed enormous, with the theft which covered 272 million full account credentials for access from the most important service provider: Mail.ru, Yahoo, Hotmail and Gmail. When we talked about it last Thursday we were still waiting for the official responses of the companies involved.

Response that arrived last weekend, downsizing - but not completely eliminating - the danger of what happened. Yahoo, Google and Mail.ru say it is highly unlikely that your personal account has actually endangered dall'hack. Most 272,300,000 passwords, in fact, would seem to be linked to the corresponding e-mail account even if the password could be used for other services not otherwise specified.

The leaked data could become dangerous if the user uses the same credentials to access e-mail account: "Our security team has investigated the case and we do not believe there are significant risks with respect to our users" he said commenting on the Yahoo case. Mail.ru has gone further, releasing some statistics: only 0.018% of the passwords stolen (on 57 million accounts) allow access to the account related.

"The database is most likely a collection of some dump of old data collected hacking Web services where people are using e-mail address to register," said Madina Tayupova spokesman Mail.ru. Google also found similar results: "More than 98% of the credentials of the research Google account is false," wrote the company. "As we usually do in these cases, we have raised the level of protection for access to users who may have been involved."

Alex Holden, a cybersecurity expert who discovered the case, describing it last week with Reuters, however, that there is still reason to be worried. The password may not match email accounts of the companies, but could be used to "hundreds of thousands" of other services, such as Twitter or Facebook, as users keep the bad habit of using the same password to access different services between them.

It is one of the basic practices to do absolutely if you want to keep safe your data on the web. We know that it may seem impossible to remember them all, but we must consider that can accomodate the many password management tools that allow you to save them all under one service. In short, the problem of the 272 million e-mail accounts appear to be downsized, with the providers revelations, but not entirely eradicated.

Missing at the time of writing the Microsoft report, for its e-mail service Hotmail, which was also involved in the case.