Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Google Microsoft Security Yahoo! IT

Amid Data Breach, Google, Mail.ru and Yahoo Claim 98% of Leaked Credentials Bogus (arstechnica.com) 25

Hundreds of millions of email login credentials -- affecting Gmail, Yahoo, Mail.ru (Russia's most popular email service), and Hotmail among other websites -- were being traded earlier this week in Russia's criminal underground. According to a report on Ars Technica, Google, Yahoo, Microsoft, and Mail.ru have now assured that the vast majority of leaked credentials are invalid. For instance, "More than 98% of the Google account credentials in this research turned out to be bogus," Google said. Dan Goodin reports: What has been clear all along to anyone paying attention is that the plaintext credentials recovered by Hold Security almost certainly didn't come from hacks on the e-mail providers. Instead, they most likely were collected by hackers who hit dozens, hundreds or thousands of third-party Web services over the years and dumped the account databases into a single list.
This discussion has been archived. No new comments can be posted.

Amid Data Breach, Google, Mail.ru and Yahoo Claim 98% of Leaked Credentials Bogus

Comments Filter:
  • by Anonymous Coward

    This is self serving and hard to disprove. So go for it!

  • 100% -/- 98% = 2%; 2% of 272,000,000 = 5,440,000 valid accounts & passwords. Getting a 2% success rate isn't so bad, is it?
    • by sims 2 ( 994794 )

      Still seems rather low considering the number of people that use the same password everywhere.

  • I believe them (Score:4, Insightful)

    by Opportunist ( 166417 ) on Saturday May 07, 2016 @10:17AM (#52066921)

    Of course only if you follow their definition of "bogus". That is "using names, addresses and other personal information that isn't quite in sync with that of the person registering the account".

    • Of course only if you follow their definition of "bogus". That is "using names, addresses and other personal information that isn't quite in sync with that of the person registering the account".

      Cite? Where did you get the definition of bogus you "quoted"? It's not in TFA, and it's not the definition I'd expect any email service provider to use. The only valid definition is "account name and password gain entry into a non-suspended account".

      • Sorry, I didn't know I'd give away company secrets, I thought that's common knowledge by now.

        Never mind, I haven't even been here.

        • Sorry, I didn't know I'd give away company secrets, I thought that's common knowledge by now.

          What are you talking about?

    • by tlhIngan ( 30335 )

      Well, I mean the sale price of it was $1 for it. Yes, a dollar. Then it dropped to merely "recognition". Yes, all those accounts are yours if you simply give the guy credit.

      At this point it's basically too good to be true - the list is basically free and all the guy wants is credit? I don't know about you, but when it's too good to be true...

      Someone wants to make a name for themselves and just amalgamated w huge list probably from other public lists of breached emails and addresses.

  • by castus ( 4552487 ) on Saturday May 07, 2016 @10:32AM (#52066953)
    *) People's email credentials are being sold in large numbers on the black market
    *) If you choose to buy some of these, it's not unlikely that you'll get many outdated or bogus credentials

    Or in other words, planet Earth is still spinning around that big hydrogen ball
  • by ljw1004 ( 764174 ) on Saturday May 07, 2016 @12:09PM (#52067227)

    Story1: Of the 100 million credentials leaked, 98% are bogus

    Story2: 2 million valid credentials have been leaked

    The second story still seems pretty serious to me...

    • by castus ( 4552487 )
      98% for gmail, 99.98% for mail.ru

      I wouldn't be surprised if you could do better than that by reusing passwords from other breaches
      Everyone didn't get the don't-reuse-your-password memo
  • "More than 98% of the Google account credentials in this research turned out to be bogus," Google said.

    In unrelated news, security researchers discovered today that 'bogus' is the most common password in the universe. They theorize it may have something to do with accidentally allowing Keanu Reeves near a phone booth.

  • ..because they couldn't be Ars-ed?

You know you've landed gear-up when it takes full power to taxi.

Working...