Gmail, Yahoo, Hotmail and Mail.ru and perhaps more, have leaked usernames, email addresses and unencrypted passwords.
The security firm that discovered the breach, Hold Security, believes that many of the accounts involved in this leak have not been previously leaked. According to its analysis there are over 272 million unique email and unencrypted password pairs, where 42.5 million have not been previously leaked.
Hold Security was able to get a hold of the data for free. The hacker originally asked for 50 roubles (equating to around 75 cents or 52 pence) for the entire list. Instead, an agreement was reached to provide the data for free if the firm was to post positive comments about the hacker in a forum.
A breakdown of the major services affected showed the scale of the leak:
- 57 million accounts for Mail.ru
- 40 million for Yahoo Mail
- 33 million for Hotmail
- 24 million for Gmail
The concern of this leak does not lie solely with people being able to gain access to one's email account, but also that these details could be used to send bulk phishing emails.” (emphasis mine) – Neowin
I’d get busy changing passwords, and be extremely careful about emails with attachments, even from people you know.
Send a return email asking whether they sent you an email with an attachment.