Yesterday, Reuters reported that tens of millions of email addresses and account passwords were stolen in an apparent data breach - but as is often the case more stories than eye contact. According to the motherboard, which has talked with both Hold Security (the company that received the data in question) and security expert Troy Hunt, it is unclear that the email service provider was hacked. This data may not be legal.
For beginners, the motherboard receives a statement from Russia's Mail.ru email service provider, accounting for 57 million accounts in the data release. The vendor claims that after performing sample data check, there is no email matching and password working. This raises a lot of doubts about the legality of the entire dataset.
In addition, Alex Holden (Managing Director and Founder of Hold Security) acknowledges that the data comes from "a variety of different violations." Between this and the suspicion that Mail.ru has given the legitimacy of the data, it is entirely possible that the data in this "hack" is either pretty old or not directly from the email service provider - or both two. Troy Hunt of "Have I Been Pwned" (a website that maintains the post office) told the motherboard: "You know we've worked hard to find out whether the offenses are correct or not. It seems that it did not happen 'happened here.'
As always, it's good to practice good password hygiene and change them regularly (and seriously, authentic two factors!), But also need to maintain some perspective - if a big company like MSN Hotmail, Google Gmail or Yahoo! mail has hit data breaches affecting tens of millions of customers, probably it has made their knowledge publicly available. There are no definite confirmations from such companies - as well as the Mail.ru statement - it seems most users are safe at this time.