A vast majority of the 272 million stolen passwords and email addresses allegedly in the hands of a Russian criminal have turned out to be false. This has been announced by Google, Yahoo and Mail.ru, three of the providers in question.
In an email to Ars Technica, Google says that more than 98 percent of the 23 million Gmail logins are incorrect. “As we always do in these types of situations, we have taken action on the accounts that may have been affected by the leak,” the rep added. Yahoo also said it sees “no significant risk” to its users based on what Hold Security has obtained. The database is said to contain 40 million Yahoo logins.
Of the 272 million email logins that fell into the hands of Hold Security on May 4, it turned out on Friday May 6 that the 57 million logins associated with Mail.ru were 99.982 percent incorrect. That’s what a spokesperson for the Russian e-mail provider told a Motherboard journalist.
Hotmail’s logins would also have been leaked by the millions. However, Microsoft has not made any public statement about the leak, most suggesting that what is true for Gmail, Yahoo and Mail.ru is also true for this provider. 33 million logins would belong to Hotmail. The other logins would belong to smaller Chinese and German providers.
It is not surprising that the login details are largely incorrect. Given the number of services that would be involved in the leak, it was likely from the start that the login details were obtained through phishing and hacks on internet services such as online stores. In this way, login details for e-mail addresses can also be obtained, but only if the user uses the same password for both the service and his e-mail. Moreover, the fact that the company did not have to pay for the data further weakens the ‘value’ of the data. Hold Security did not verify the validity of the logins with the providers before contacting Reuters, who first reported the story.