Webmail login probe firms 'leak'

Mail.ruImage copyrightMail.ru
Image captionThe most "compromised" logins seems to mail.ru accounts
Several popular webmail providers examine a report that millions of its users registration data are shared on a hacker site.

Google Gmail, Yahoo Mail, Microsoft Hotmail and Mail.ru are some of the services said to have been affected.

Security firm, which gets into the issue, said he believes many of the usernames and passwords associated not leaked before.

However, it is not clear whether in fact the users accounts were affected.

Security Holding said it received a total of 272 million unique pairs of email addresses and plain text passwords from hackers, 42.5 million of which the company has not seen in earlier leaks.

He said that the intruder initially asked for 50 rubles (75 cents, 52 pence) in exchange for the list, but in the end gave away a copy without charge after employees hold posted favorable comments about it in the forum.

Even if many of the credentials are outdated or inaccurate, they can still be used by malicious, the company warned.

"There are hacker websites that advertise" fingering "popular services, and shop fronts, taking a large number of credentials and launch them one by one against the site," said Alex Holden, director of information security firm, the Air Force.

"What makes this discovery more important is the desire hacker to share these powers at virtually no cost, an increasing number of malicious ... people who might have this information."

Inactive combination

According to the analysis Hold:

57 million accounts have been for Mail.ru accounts
40 million were for Yahoo accounts
33 million were for Hotmail accounts
24 million were for Gmail accounts
Nevertheless, of Mail.ru - the most commonly used web mail service of Russia - he said its initial investigation suggested that the problem may not be as bad as the numbers indicated.

"A large number of user names are repeated with different passwords," the spokesman said.

"We are currently checking whether any combination of match username / password [Active Accounts] - and as soon as we have enough information, we will warn users who might be affected.

"The first data sample check showed that he is not a member of any real live user name and password combinations."

Microsoft has said that there were measures to identify compromised accounts.

"[We would require] additional information to verify the account holder and to help them regain exclusive access," the spokesman said.

Google said: "We are still investigating, so we have no comment at this time."

And Yahoo said: "We have seen reports and our team is eager to hold the security to get the list of accounts now we update the go-ahead.".

Phishing warning

HackerImage copyrightThinkstock
captionCybercriminals image can still use a list of letters, even if the passwords do not work
Security Holding has a track record for attracting significant cyber-violations to light, including the previous break-ins Adobe and US retailer Target.

Independent security consultant Alan Woodward said people should remain vigilant to the dangers of phishing emails.

Even if the vast majority of the password does not work, he explained, cybercriminals can still use e-mail list to send bulk scam.

"If we assume that e-mail addresses are valid, they still give criminals the opportunity to install certain types of attacks," he said.

However, he added that there was "no reason to panic", or for people to change their passwords at the moment.