«

»

Sep
12

26000 email address and password combinations found published on French Website

ECLAT Technologically IT Security AlertOnline security is the name of the game, but just how secure are you when you browse the web? There are a multitude of ways to protect yourself, but TOO many people do little if anything to secure their information on the internet. The consequences can be profound. Consider, for a moment, the implications for losing control of your email address and password. Do you get emails from your bank, there? Bingo. Your bank account is now accessible by the bad guys. How about your stock portfolio? Confidential medical or other financial data? Customer data? Loans? Credit Cards? Business advertising accounts. How about really embarrassing personal data? Plus your name, date of birth, list of family members… the list goes on. If you’re not securing your data, there is a world of hurt waiting to come your way, and your life can lay in ruins in its wake.

Now, in case you’re wondering just how accessible your email address and password are, consider this. Earlier today I was trying to decipher a hand written note and typed in an email address from that note into a Google search. I clicked a few links and imagine my surprise when I found was a list of 25,970 email addresses and passwords. How long have they been out there? Who put them there? How did they get the list? It’s really hard to say, though some of the contents of the page make it look like these were from phishing sites, possibly made to look like the user was logging into their own email, or a similar site. But the cleanup from that kind of theft has got to be immense.

Here’s what I did to address the issue when I found their data:

  • I copied the list and the url of the site I found the list on
  • stripped the passwords
  • parsed the domains
    • 1572 Gmail Accounts
    • 16572 Microsoft customer email accounts including Microsoft Live, Windows Live, hotmail.com and MSN.com
    • 3620 yahoo email accounts
    • 400 AOL.com and aim.com accounts
    • thousands of others from private companies and educational institutions alike
  • contacted the security from most of those domains (the full list is impossible)
  • provided them with the list of compromised accounts and the source (as I have it)
  • contacted a few individuals who were not part of big lists (like gmail, hotmail, yahoo etc.)
  • and now I’m telling you.

This is a big list. 25,000 accounts. That’s a lot of people. And it’s just a drop in the bucket of the list of accounts that have been compromised. Are you one of them? Are you doing all that you can to secure your data? Do you even know if you are? These are all points that may keep you up at night if you haven’t consulted someone to ensure that you are properly protected. Don’t wait until it’s too late. Call someone now!