Pinterest Stumbleupon Whatsapp

For sale: 360 million email passwords. Is yours one of them?

Hold Security, a Milwaukee outfit that helps businesses stay secure, found millions of email passwords for sale while researching the black market sites that sell them. They announced the 360 million figure earlier this week.

In the first three weeks of February, we identified nearly 360 million stolen and abused credentials and 1.25 billion records containing only email addresses,” says the announcement.

Securing your email password is particularly important, because most services use email to recover forgotten passwords. This means that, once a criminal has access to your email, they can get access to all of your other services – including your bank – easily.

Your email might be among the passwords currently for sale, but if change your password now and you’ll be safe. How else can you defned yourself from such leaks? Here are a few tips.


Change your email password, regularly. Also make sure you’re using different passwords for different services. Read our password management guide for more information about why this is necessary.

Turn on two-factor authentication for your email. With this on, your password isn’t enough to access your email: you’ll also need to type a code sent to your phone. It can be annoying, but the security benefits are obvious: any criminal with your username and password will be unable to log into your account.


We have outlined what two-factor authentication is, and why you should use it What Is Two-Factor Authentication, And Why You Should Use It What Is Two-Factor Authentication, And Why You Should Use It Two-factor authentication (2FA) is a security method that requires two different ways of proving your identity. It is commonly used in everyday life. For example paying with a credit card not only requires the card,... Read More . At this point most major email services offer this service, and you should turn it on if at all possible – it’s a great way to keep your data secure.

Interested in the online black markets where criminals sell everything from passwords to credit card numbers? This Planet Money episode is well worth a listen.

Feel free to talk about how you keep your email secure in the comments below.

Source: BCC

  1. Miranda
    March 3, 2014 at 5:56 pm

    I would suggest using a password manager and also added 2fa to all of your accounts. I use LastPass for mine and actually even enabled 2fa on it to add an extra layer of security to my passwords stored there. I agree 2fa is very annoying, but have hope! I found an out of band 2fa solution through LastPass called Toopher and have no complaints about it... yes, that's right it's not actually annoying to use. Toopher uses location awareness of my smartphone to make authentication invisible to me. Once I set up Toopher on my LastPass, as long as I am in one of my recognizable locations, I don't even have to take my phone out of my pocket to get access to my account. So I simply just type in my normal login credentials, then Toopher does it all (2fa) with out bothering me. It blows all other 2fa solutions that I've used out of the water. The problem is that I haven't seen it really offered anywhere else besides LastPass and WordPress. But I will take it where I can get it!

    • Sarah B.
      March 3, 2014 at 6:17 pm

      Hi Miranda. If I were to download a lastpass is it easy to get toopher too? do I need a toopher? I have a lot of concerns about safety on the internet so I'd like to try out one of these password managers but for the life of me, I can't get my teen to help me figure it all out LOL. I'm not very fluent on downloading things but this seems like a good solution. any help you can give me would be great! thank you!!!!

    • Miranda
      March 5, 2014 at 3:24 pm

      Sarah B.,

      Toopher is extremely simple to set up. Once you get LastPass, you'll see a sidebar with settings. This is where you will find the multi-factor solutions... there is information provided there for step by step instructions to setup! Hope you enjoy Toopher and LastPass!

  2. Peter
    March 1, 2014 at 6:23 am


    It's 'Planet Money', not 'Planet Monday'


    Peter from Helsinki Finland, a planet money listener from the very early dawn of time.

  3. Ken
    March 1, 2014 at 1:15 am

    Snopes will surely confirm it.

  4. Joel L
    February 28, 2014 at 6:20 pm

    I've never heard of Hold Security. Are they a big name? Reputable? I'm curious since that announcement post of theirs looks like a "Hey, buy our services" sort of deal. The website doesn't look all that professional either.

    • Aibek E
      March 3, 2014 at 6:16 pm

      checked out their website, same thoughts here)

Leave a Reply

Your email address will not be published. Required fields are marked *