According to Hold Security founder Alex Holden, there are over 270 million stolen usernames and passwords trading in Russia's criminal networks.
Many of the stolen account credentials are from users of Russia's popular Mail.ru email service, with more millions coming from Google, Microsoft and Yahoo users, as well.
Holden, who helped uncover data breaches at Target and Adobe in recent years, said the latest discovery came after a young Russian hacker began bragging in underground forums that he had 1.17 billion stolen credentials. After removing duplicates, that number ended up being 272 million, including 57 million Mail.ru accounts. That number is massive given the fact that Mail.ru only has 64 million active users.
40 million of the combos were from Yahoo Mail accounts, 33 million were from Microsoft Hotmail accounts and 24 million were Gmail. Millions of others came from corporate emails.
"This information is potent. It is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him," said Holden. "These credentials can be abused multiple times."
The hacker asked for just $1 for all the records and ended up giving Holden the entire dataset for free in exchange for favorable posts in multiple hacker forums.
Source:
Reuters
Holden, who helped uncover data breaches at Target and Adobe in recent years, said the latest discovery came after a young Russian hacker began bragging in underground forums that he had 1.17 billion stolen credentials. After removing duplicates, that number ended up being 272 million, including 57 million Mail.ru accounts. That number is massive given the fact that Mail.ru only has 64 million active users.
40 million of the combos were from Yahoo Mail accounts, 33 million were from Microsoft Hotmail accounts and 24 million were Gmail. Millions of others came from corporate emails.
"This information is potent. It is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him," said Holden. "These credentials can be abused multiple times."
The hacker asked for just $1 for all the records and ended up giving Holden the entire dataset for free in exchange for favorable posts in multiple hacker forums.
Source:
Reuters