A couple of days ago, news broke out that over 272 million account credentials had been leaked from various services including Gmail, Yahoo Mail, Hotmail and Mail.ru. It was also alleged that the hacker was selling these credentials for as little as $1 online, which understandably led to widespread panic among the users of the respective services. However, now it appears that this supposed data breach is bogus after various email service providers have claimed that most of the credentials leaked were invalid.
24 million login credentials were supposedly breached from Google's email service and the company previously stated that it was investigating the data violation. Now, Google claims that:
More than 98% of the Google account credentials in this research turned out to be bogus. As we always do in this type of situation, we increased the level of login protection for users that may have been affected.
Similarly, Russian email provider Mail.ru, from which the hacker claimed to have exposed a whopping 57 million account credentials, now also states that 99.98% of the leaked accounts were invalid. 65% of the listed accounts passwords were incorrect, 12% had been shut down by the provider in the past as these were believed to be managed by bots and the remaining 23% did not even exist.
Yahoo, from whom the hacker also claimed to have stolen 40 million accounts, now states that:
Our security team has investigated and we don’t believe there is any significant risk to our users based on the claims shared with the press. We always encourage our users to create strong passwords or, even better, eliminate use of passwords altogether by using Yahoo Account Key.
Microsoft, from whom the hacker also alleged to have leaked 33 million accounts, is yet to comment on the issue, but looking at the pattern gathered from the reports from other service providers, it's likely that Microsoft's services also haven't been breached as heavily - or even breached at all.