GOOGLE HAS CALLED 'BS' on last week's report that claimed a hack on webmail services saw 272 million user credentials stolen, including 23 million belonging to Gmail users.
The report, which first surfaced at Reuters, claimed that 'hundreds of millions' of usernames and passwords belonging to Gmail, Hotmail, Mail.ru and Yahoo Mail users are being traded in Russia's criminal underworld.
Alex Holden, chief information security officer of Hold Security - and the man who last year uncovered the largest data breach to date, told Reuters that there were 272 million credentials leaked in total, 42 million of which had never been leaked before.
Google has now thrown the validity of the whole thing into question, saying that almost all of the supposed 23 million leaked Gmail logins were "bogus."
"More than 98 per cent of the Google account credentials in this research turned out to be bogus," a Google spokesperson told Ars Technica.
"As we always do in this type of situation, we increased the level of login protection for users that may have been affected."
Russia's Mail.ru service, which reportedly accounted for the bulk of the leak with 57 million leaked credentials, has said separately that more than 99.98 per cent of the credentials it received from security firm Hold Security turned out to be invalid accounts.
Ars Technica notes that almost 23 per cent of Hold Security's entries contained addresses that don't exist, 65 per cent of the listed accounts contained passwords that were wrong. The 12 per cent of remaining accounts had already been temporarily suspended by Mail.ru because officials considered them compromised or controlled by bots.
Yahoo has also issued an updated statement to say that it doesn't believe its users are at risk from the so-called hack.
"Our security team has investigated and we don’t believe there is any significant risk," a spokesperson said. "We always encourage our users to create strong passwords (here are some tips), or, even better, eliminate use of passwords altogether by using Yahoo Account Key."
We'll update this article when we hear more. µ
To hear more about security challenges, the threats they pose and how to combat them, sign up for The INQUIRER sister site Computing's Enterprise Security and Risk Management conference, taking place on 24 November.
The IoT has gone unsecured for too long, says DCMS and NCSC
Mobile-friendly app will offer a 'desktop-class' experience
Alexa, show me half-arsed implementation
Samsung reportedly orders in 6.66in OLED panels