humongous data breaches at major mail services - Hotmail, G-Mail, Yahoo Mail and Mail.ru

[suicidalfranco]

1 hour ago, deviant88 said:

its AMD fault, theres no security on the web to begin with barely any, unless we reinvent the web if theres anything we can do to begin with

Nah, It's AMD's fault cause the haxxor was using a laptop powered by an AMD APU

[Crosseyed Sniper]

How come GMail and Yahoo hasn't sent us an email telling us to change our passwords? I've heard nothing from them.

[Photonic]

I will never being be using 2-step authentication as it is stupid thatou have to always use your phone to login in to a  account

[dalekphalm]

1 hour ago, Crosseyed Sniper said:

How come GMail and Yahoo hasn't sent us an email telling us to change our passwords? I've heard nothing from them.

It really depends on how the data was compromised.

 

Were Google servers breached? Were password files stolen and decrypted?

 

Or were these farmed and harvested from malware infected computers that logged into one of the above sites?

[GoodBytes]

4 minutes ago, dalekphalm said:

It really depends on how the data was compromised.

 

Were Google servers breached? Were password files stolen and decrypted?

 

Or were these farmed and harvested from malware infected computers that logged into one of the above sites?

Or simply lying.

[Crosseyed Sniper]

I went ahead and changed mine. I guess it was time for a pw change, anyway.  So long ABCD123, you were a good pw. 

[dalekphalm]

47 minutes ago, Crosseyed Sniper said:

I went ahead and changed mine. I guess it was time for a pw change, anyway.  So long ABCD123, you were a good pw. 

That.... Was not a good password lol

[HelplmChoking]

Yay for iCloud Mail  I doubt the reliability of this, and everything is 2-factor these days anyway.

[Crosseyed Sniper]

45 minutes ago, dalekphalm said:

That.... Was not a good password lol

Do NOT believe everything you read on the internet. 

[DXMember]

On ‎04‎.‎05‎.‎2016‎. at 9:43 PM, GoodBytes said:

Sorry, but companies don't have alert sirens when it detect someone hacking their server.

They only know after doing investigative work in looking at connections, and strange behaviors.

 

Also, anyone can say  "I have all xyz logins", doesn't means that they do. Any kid desperate to showoff and like to sound "cool" can say that.

I like to see proof of his claims.

 

only part of those logins was unique, other part was fake, and the smaller part was either public knowledge or already released earlier even smaller part was legit not known before logins

oh... did I mention the guy was selling those 1.7bil logins for 50 Russian Rubles and likes on social media?

http://www.tomshardware.com/news/gmail-hotmail-yahoo-email-hacked,31743.html

 

yellow press at work again, nothing major

[EonityLuna]

I read this on Reuters this morning. I'm concerned but until I can verify that my accounts are not in the list I may not be taking action; changing passwords are always a hassle to me, and coming up with good ones within the arbitrary restrictions some sites put up is extremely taxing for me.

Edit: seems like Microsoft changed their password policy, and now I can use passwords longer than 16 characters. Perfect, going to go review my passwords now.

[LukeTim]

15 hours ago, dalekphalm said:

That.... Was not a good password lol

"ABCD123" is bound to be well within the first 100 passwords you'd try in a dictionary attack.

[apm]

1 hour ago, eXAKR said:

I read this on Reuters this morning. I'm concerned but until I can verify that my accounts are not in the list I may not be taking action; changing passwords are always a hassle to me, and coming up with good ones within the arbitrary restrictions some sites put up is extremely taxing for me.

Edit: seems like Microsoft changed their password policy, and now I can use passwords longer than 16 characters. Perfect, going to go review my passwords now.

just use lastpass/keepass and let it generate a password for you.

people should change the password on a regular basis anyway.

[Tylerr]

are we talking about the email sites (google\hotmail\yahoo) getting hacked directly or just accounts being leaked from the hacks of other sites?

 

because i don't use the same passwords for anything.

 

found this, it says this might be a hoax.

 

http://www.engadget.com/2016/05/05/russian-email-provider-hack-update/

[ZetZet]

On 5/5/2016 at 0:16 AM, Crosseyed Sniper said:

How come GMail and Yahoo hasn't sent us an email telling us to change our passwords? I've heard nothing from them.

Yahoo said it's bullshit. Google still investigating, so probably bullshit. 

[Lurick]

According to the Google and others, 98% of the leaked credentials are crap

 

https://tech.slashdot.org/story/16/05/07/142226/amid-data-breach-google-mailru-and-yahoo-claim-98-of-leaked-credentials-bogus

[zMeul]

4 minutes ago, Lurick said:

According to the Google and others, 98% of the leaked credentials are crap

 

https://tech.slashdot.org/story/16/05/07/142226/amid-data-breach-google-mailru-and-yahoo-claim-98-of-leaked-credentials-bogus

they still have 1/2mil that aren't "crap" - gg google, NOT! 

[GoodBytes]

Yup, here is ars talking about it.

Looks like it is complete crap, as expected. Usually when these kind of attacks happen, they show proof. But here none, and the affected company can't find anything, all of which (well I don't know about Mail.ru), have centers filled with experts in security to detect any claimed attacked, and in teh case of Microsoft and Google, monitor online attacks (for their OS protection and services).

http://arstechnica.com/security/2016/05/the-massive-password-breach-that-wasnt-google-says-data-is-98-bogus/

 

If they can't find anything, it isn't some kind of "special" "new"attack that is undetectable.. it isn't a movie.

 

But regardless, it is always good to change your password every now and then, and have 2 step authentication.

 

[DXMember]

10 minutes ago, GoodBytes said:

Yup, here is ars talking about it.

Looks like it is complete crap, as expected. Usually when these kind of attacks happen, they show proof. But here none, and the affected company can't find anything, all of which (well I don't know about Mail.ru), have centers filled with experts in security to detect any claimed attacked, and in teh case of Microsoft and Google, monitor online attacks (for their OS protection and services).

http://arstechnica.com/security/2016/05/the-massive-password-breach-that-wasnt-google-says-data-is-98-bogus/

 

If they can't find anything, it isn't some kind of "special" "new"attack that is undetectable.. it isn't a movie.

 

But regardless, it is always good to change your password every now and then, and have 2 step authentication.

 

I know right? It's like in that tomshardware article from yesterday or something