Stolen data of more than 272 million Gmail, Yahoo and other website accounts have been put on sale in Russia’s criminal underworld, a security expert has informed.
The discovery of these stolen accounts includes data from Russia’s most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users, said Alex Holden, founder and chief information security officer of Hold Security who called it “one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major US banks and retailers two years ago.”
Holden has previously been instrumental in uncovering some of the world’s biggest known data breaches, affecting tens of millions of users at Adobe Systems, JPMorgan and Target after exposing them to subsequent cyber crimes.
Sale for Less than $1
Mysteriously, the hacker asked for just 50 roubles – less than $1 – for the entire trove, but gave up the data after Hold researchers agreed to post favourable comments about him in hacker forums, Holden said. He said his company’s policy is to refuse to pay for stolen data.
Such large-scale data breaches can be used to engineer further break-ins or phishing attacks by reaching the universe of contacts tied to each compromised account, multiplying the risks of financial theft.
Stolen Yahoo Mail credentials numbered 40 million, or 15 percent of the 272 million unique IDs discovered. Meanwhile, 33 million, or 12 percent, were Microsoft Hotmail accounts and 9 percent, or nearly 24 million, were Gmail, according to Holden.
After being informed of the potential breach of email credentials, Mail.ru responded with a statement emailed to Reuters: “We are now checking, whether any combinations of usernames/passwords match users’ e-mails and are still active.”
Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.
Yahoo and Google spokespersons did not respond to requests for a comment.