Thousands of Hotmail, Yahoo and Gmail users have had their usernames and passwords stolen and put up for sale on the black market by Russian hackers.
The breach was uncovered by security firm Hold Security after its researchers found a hacker bragging about the details in a forum. It could be one of the largest in recent times as it affects a whopping 272 million usernames and passwords, although half of these are for Russia's largest email service.
Initially the hacker offered the details for sale for just 50 roubles (around 50p) but surrendered the information for nothing after Hold researchers agreed to post favourable comments about him in hacker forums.
Who is affected?
Usernames and passwords from Yahoo accounted for 15% of all the personal information stolen, while 12% was for Hotmail accounts and 9% affected Gmail usernames and passwords. However, there's no way of knowing which accounts have been affected.
Microsoft said usernames and passwords being stolen is an 'unfortunate reality'. 'Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access,' the tech giant said. Gmail and Yahoo have yet to comment on the breach.
What should I do?
If you have a Yahoo, Hotmail or Gmail account the GHI recommends you change your password immediately as there's no way of knowing which email addresses have been stolen.
Make sure it's a strong, secure password. Never use your maiden name, favourite football team, pet's name or any other personal information that could be available to fraudsters on social networks. Instead opt for a mixture of upper and lower case letters, numbers and symbols in your password and, if it makes it easier to remember, add on a word for the website you're using. So 'telephone' could be 'T£leph6ne-bank' or 'T£leph6ne-energy'. If in doubt, check how long it takes to crack your password at howsecureismypassword.net - sometimes it's only a matter of minutes!
Hackers know that many of us use the same password for all of our online accounts, so not only will they try to access the original email address, they will try other popular accounts too. So also change the password on any account that shares the password that was stolen to begin with.