According to a recent report, Russian hackers have stolen login credentials for over 272 million email accounts from various domains. While most of these email accounts are from Russia’s most popular email service, Mail.ru, the hackers have also stolen email credentials from other popular email services like Gmail, Microsoft, Yahoo, and more.
Reuters reports that these stolen email accounts are now available for sale in Russia’s criminal underworld. The discovery comes from a security firm called Hold Security, which claims that this is one of the biggest stashes of stolen credentials to be discovered since the cyber-attacks that hit U.S. banks and retailers in 2014.
The researchers at Hold Security found out about this when a young Russian hacker was bragging on a hacker forum. This young hacker was planning to give away a far larger number of stolen credentials, which ended up totaling 1.17 billion records, to make a name for himself. The security firm did not try to identify this hacker, as they believe it could affect their investigation. This hacker collected the data from many sources, and the researchers have dubbed him “The Collector”.
When Hold Security researchers contacted him, this mysterious hacker asked for about 50 rubles, or less than $1, for the entire trove. He later gave all the records free of charge in exchange for favorable comments about him in hacker forums. According to Alex Holden, founder and chief information security officer at Hold Security, his company has a policy of not paying for stolen data. Holden was also instrumental in uncovering some of the largest known data breaches in previous years, including the attacks that affected tens of millions of users of JP Morgan, Target, and Adobe Systems.
Holden says that after filtering duplicate records, his firm found 57 million Mail.ru email credentials, which is a huge number when compared to the 64 million monthly users the service said it had late last year. In addition to the Mail.ru accounts, the database also includes tens of millions of credentials including 24 million Gmail accounts, 33 million Microsoft accounts, 40 million Yahoo accounts, and hundreds of thousands of accounts from German and Chinese email providers.
Yahoo Mail credentials numbered 40 million, or 15 percent of the 272 million unique IDs discovered. Meanwhile, 33 million, or 12 percent, were Microsoft Hotmail accounts and 9 percent, or nearly 24 million, were Gmail, according to Holden.
Holden also said that thousands of these stolen credentials belong to employees of some of the largest U.S. banks, manufacturing and retail companies.
This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him. These credentials can be abused multiple times.
Hackers usually find data like these quite useful, as people tend to favor certain passwords and reuse them across various online services. Therefore, hackers use passwords they found on one account to try to break into other accounts of the same user.
Ten days ago, Hold Security contacted all the affected organizations and service providers with the data. The firm claims that its policy is to return data it recovers at little or no cost to the firms that were breached.
This is stolen data, which is not ours to sell.
Reuters has contacted many of these organizations for a statement. In an email, Mail.ru said that the company is currently checking whether any of the affected email accounts are active and will warn the affected users. The company also adds that it has not found any live combinations of user names and passwords that match existing emails.
We are now checking, whether any combinations of usernames/passwords match users’ e-mails and are still active.
As soon as we have enough information we will warn the users who might have been affected.
Similarly, a Microsoft spokesperson has also made the following statement to Reuters:
Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.
So far, Reuters could not get any statement from Yahoo and Google, but we believe these companies are doing their best to address the issue.
With all this said, Hold Security and its researchers have still not found the identity of the hacker and are still in the dark about how he obtained all this data.