
If you use Gmail, Hotmail or Yahoo mail, you should change your password right now

Well that sucks

06 May 2016

We're sorry to break it to you, but you're finally going to need to move on from "Password1234". 

At this very moment, details of some 272.3 million email accounts and their passwords are being traded by Russian hackers after one of the largest data breaches in internet history.

The stolen accounts include 53 million Mail.ru accounts (Russia's most popular email service), 40 million Yahoo accounts, 33 million Microsoft Hotmail accounts and 24 million Gmail accounts.

US security expert Alex Holden broke the news to Reuters that his firm, Hold Security, had stumbled across a young Russian hacker - a kid they've now named 'The Collector', because they probably watch too many espionage films - bragging in a forum that he had collected the details and was prepared to sell them for the ridiculously low sum of 50 roubles - about £0.50.

Apparently Hold researchers were able to obtain access to the stolen data after convincing the hacker they would write favourable comments about him in hacker forums (a review we imagine went along the lines of "4/5 hacker skills, replies to emails promptly, didn't try and blackmail me").

It's feared that the data set could result in further data breaches: if an employee of a large company or bank were to use a single password for their email and other accounts, a hacker could potentially gain access to a great deal of sensitive information.

It's not known how many of the stolen details relate to UK accounts, but Holden suggests that several thousand username/password combinations appear to belong to employees of several large US banking, manufacturing and retail companies.

So: change your password, set up two-step verification on all your sensitive accounts and DON'T reply to any emails claiming you need to verify your password details. And for goodness' sake, don't use the same password for all your accounts, okay?

[Via: Reuters]