HUNDREDS OF MILLIONS of usernames and passwords belonging to Gmail, Hotmail and Yahoo Mail users are being traded in Russia’s criminal underworld.
Reuters has the scoop, having heard from Alex Holden, founder and chief information security officer of Hold Security – and the man who last year uncovered the largest data breach to date – that the details of 272.3 million stolen accounts are being traded.
Russia’s own Mail.ru email service accounts for the majority of hacked accounts at 57 million, but a large number also belong to Gmail, Hotmail and Yahoo Mail users.
Yahoo Mail credentials totaled 40 million, or 15 per cent of the haul, Hotmail accounted for 33 million, or 12 per cent, while 24 million, or nine per cent, belonged to Gmail account holder.
It wasn’t just email accounts that were targeted, according to the report, with Holden also discovering thousands of other stolen username and password combinations that appear to belong to employees of some of the largest US banking, manufacturing and retail companies.
Holden stumbled on the discovery after he saw a young Russian hacker – since nicknamed “The Collector” – bragging about the information haul in an online forum. He was asking for just 50 rubles – less than $1 – for the lot, but Holden was given the information for free after he said he’d big up the hacker online.
Mail.ru spokeswoman Madina Tayupova told Reuters: “We are now checking whether any combinations of usernames/passwords match users’ emails and are still active.
“As soon as we have enough information we will warn the users who might have been affected,” she said, adding that Mail.ru’s initial checks found no live combinations of usernames and passwords that match existing emails.
A Microsoft spokesman said: “Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.”
Google and Yahoo are yet to comment. We’ll update this article when we hear more.
Source: The Inquirer