Latest in Gear

Image credit:

Russian provider casts doubt on email hacking claims

It looks like yesterday's email 'hack' contained a lot of false data.
Nathan Ingraham
May 5, 2016
Share
Tweet
Share

Sponsored Links

Yesterday, Reuters reported that tens of millions of email addresses and account passwords were stolen in an apparent data breach -- but as is often the case, there's more to this story than meets the eye. According to Motherboard, which spoke with both Hold Security (the company that received the data in question) and security expert Troy Hunt, it's not at all clear that the email providers were hacked. It's even possible this data isn't legitimate.

For starters, Motherboard received a statement from Russian email provider Mail.ru, which accounted for 57 million accounts in the data release. The provider claims that after doing a sample check of the data, none of the email and password combinations work. This casts plenty of doubt on the legitimacy of the entire data set.

Furthermore, Alex Holden (CEO and founder of Hold Security) admitted that the data appeared to come from "a collection of different breaches." Between this and the doubt that Mail.ru has cast on the legitimacy of the data, it's entirely possible that the data in this "hack" is either quite old or didn't come from the email providers directly -- or both. Troy Hunt of "Have I Been Pwned" (a site that maintains a repository of data breeches) said to Motherboard: "You know how much effort we go to in trying to figure out if breaches are legit or not, it feels like that hasn't happened here."

As always, it's good to practice good password hygiene and change them up frequently (and seriously, two-factor authentication!), but it's also worth maintaining some perspective -- if a company has large as Microsoft, Google or Yahoo was hit with a data breach affecting tens of millions of its customers, it would likely have made that knowledge publicly available. Absent any firm confirmation from those companies -- as well as Mail.ru's statement -- it seems most users should be safe at the moment.

Engadget’s parent company, Verizon, now owns Yahoo. Engadget remains editorially independent.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Inside Indonesia's fight to save its most important soil

Inside Indonesia's fight to save its most important soil

View
Cowboy upgrades its e-bike with a carbon belt and puncture-resistant tires

Cowboy upgrades its e-bike with a carbon belt and puncture-resistant tires

View
Hulu will cut off older Roku players after June 24th

Hulu will cut off older Roku players after June 24th

View
'Project Cars 3' trailer has some sim racing fans worried

'Project Cars 3' trailer has some sim racing fans worried

View
Kitty Hawk moves on from its original flying car project

Kitty Hawk moves on from its original flying car project

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr