A security expert has revealed that hundreds of millions of hacked account usernames and passwords have been on the market in Russia’s criminal tech underworld. 272.3 million Stolen accounts are being traded on the underworld market. Most the user accounts are from email service Mail.ru, which is very popular in Russia. Other fractions of the accounts are from global email services Yahoo, Google, and Microsoft.
Alex Holden, the security researcher, founder and chief information security officer at Hold Security said this was one of the biggest stashes of stolen usernames and passwords ever since the cyber attacks on US banks two years ago.
He has been a big asset in uncovering some of the biggest breaches in the world. Some of the breaches which affected tens of millions of users at Adobe Systems, JPMorgan, and Target. He has managed to expose many companies to subsequent cyber crimes.
The new discovery came after some of the Hold Security researchers saw an online post by a Russian hacker on an online forum where he was bragging about the amount of credentials he had in his possession and he was willing to give them away. The credentials allegedly totaled 1.17 billion records.
Holden and his team looked up at the data, and after removing duplicates they found out that the data cache had nearly 57 million Mail.ru accounts, which is fairly big considering that there are 64 million monthly active users of the Mail.ru service. The data cache also had tens of millions of login credentials for the leading world email providers, Gmail, Microsoft, and Yahoo. Other German and Chinese email providers were also included in the data stash.
For everything, he asked for less than a $1, though Holden did not pay for it. They simply promised to write glowing comments about him in other hacker forums. Holden said his company’s policy was to refuse paying for stolen data.
Large break INS such as this one are used to perpetrate phishing attacks and further break-ins. This then increases financial attack risks or even reputation damage on the Internet. Hackers act on the account that most people have favorite passwords they like and they don’t want to change them regularly, which makes it easy for them to hack into multiple accounts of one user using the same password.
Mail.ru was informed about the potential data breach to which they sent out a statement saying they were checking whether any of the combinations on the data stash stolen matched any of the active users’ credentials.
“As soon as we have enough information we will warn the users who might have been affected,” Mail.ru said in the email, adding that Mail.ru’s first checks had not found any live combinations.
A Microsoft spokesman said the issue of stolen credentials was sadly a reality. He also mentioned that the company had security measures in place to counter and detect any account compromises and also relied on users to verify account owner and help them gain access.
Yahoo and Google did not respond to requests for comment.
If you want to give yourself some extra e-mail protection, then why not check out our list of the most popular secure e-mail alternatives.