This week some important leaks have arisen in on the Internet, all of them related to Russian users:
- 1.000.000 Yandex addressess and passwords.
- 4.500.000 Mail.ru addressess and passwords.
- 5.000.000 GMail addressess, some of them with passwords.
All this data was posted in a Russian Bitcoin Forum by a user having ‘tvskit’ as nickname. It seems that he was the first one posting a link to download the leaked data. It does not mean that he is the author of the actions.
It’s important to say that, according to companies’ declarations, none of the affected Email services have actually been compromised. Which means that, presumably, the leaked data comes from third-party services that use email as username. It is an important point since some of the leaked data include passwords as well, which may be dangerous for the accounts owners if they are using the leaked password in other services, like email service itself for example.
Therefore, if users are not using the same passwords in different services, it won’t be possible to access to compromised email accounts without any other attack. The main problem every user will be facing for sure, is the increase of the amount of spam received in their emails from now on.Ferran Pichel Cyber Threat Analyst Photo by Lettuce1 / CC BY