TechSpot

Hacker trades 272 million stolen email addresses and passwords, many from Gmail, Yahoo, and Hotmail

By midian182
May 5, 2016
Post New Reply
  1. Changing your passwords on a regular basis is sensible, especially in light of a recent report from Reuters, which suggests that over 270 million usernames and passwords for email accounts have been breached and are being used by “Russia’s criminal underworld.”

    Alex Holden, chief information officer at Wisconsin-based security company Hold Security, said his firm had discovered a Russian hacker offering to sell a cache of around 1.17 billion stolen credentials for 50 roubles (75 cents).

    Hold Security refuses to pay for stolen information, but the data was handed over after the company agreed to post flattering comments about the hacker on a members-only forum.

    After removing the duplicates, the team discovered that the trove contained 272.3 million unique records, including 57 million accounts from Russian email service Mail.Ru, 40 million from Yahoo mail, 33 million Hotmail accounts, and 24 million Gmail credentials.

    There were also hundreds of thousands of email addresses from Germany and China, along with thousands of usernames and passwords belonging to employees from US banking, manufacturing and retail companies.

    "This information is potent. It is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him,” said Holden.

    Hold Security has informed the affected email providers. Mail.Ru said it was now investigating which passwords are linked to current email accounts. "As we have enough information we will warn the users who might have been affected," the company said in a statement. "Mail.Ru email service has been working hard to continuously improve its security system."

    Microsoft acknowledged that hackers posting stolen credentials is a problem. "Unfortunately, there are places on the Internet where leaked and stolen credentials are posted, and when we come across these, or someone sends them to us, we act to protect customers," a spokesperson said. "Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account."

    Google and Yahoo did not respond to requests for comment.

    How much of a threat this information poses is unclear. It’s possible that a great deal of it may be out of date, but the biggest risk comes from people’s penchant for using the same login credentials on multiple sites, which could lead to further breaches.

    Permalink to story.

     
  2. davislane1

    davislane1 TS Evangelist Posts: 3,562   +2,370

    #ProTip: This is going to become increasingly common (already has?). Enable multi-step authentication to protect yourself.
     
  3. Levi Sterling

    Levi Sterling TS Enthusiast Posts: 67   +21

    I would ask the man politely if my **** is in it. My accounts are old and I would like to keep them.
     
  4. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,518   +506

    Techspot, I know there are a couple places like pastebin but could you link to where we can find and verify this kind of information?
     
    SalaSSin likes this.
  5. Squid Surprise

    Squid Surprise TS Guru Posts: 867   +277

    Just change your password.... and/or enable 2-step authentication....

    Hackers also use them as combo lists when hacking other stuff - cause people tend to use the same login/pw for multiple things...
     
  6. Evernessince

    Evernessince TS Evangelist Posts: 1,201   +595

    That's for sure. Although I can't right remember a different password for each website I have an account for. You should at least have a handful of passwords.
     
  7. DJMIKE25

    DJMIKE25 TS Addict Posts: 155   +51

    This is why 2-step authentication is becoming increasingly important. For a corporate environment, smart cards and TPM chips.
     
  8. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,518   +506

    2 Step authentication password managers :)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...