Usernames and passwords are being traded by the millions around Russia's criminal underworld — evidence of one of the largest breaches in history.
According to reports, 272.3 million stolen accounts have been identified — the majority of which belong to users of Mail.ru, Russia’s most popular email service. The remaining accounts came from the expected international sources — Google, Microsoft and Yahoo — noted Alex Holden, founder and chief information security officer of Hold Security.
Hold discovered the latest breach after finding a Russian hacker bragging about the large number of email credentials he had amassed, as well as his plan to give them away. All in, that initially totaled around 1.17 billion records.
Once that list is paired down for duplicates, one finds 57 million Mail.ru accounts, as well as millions of Google, Yahoo and Microsoft accounts.
“This information is potent. It is floating around in the underground, and this person has shown he’s willing to give the data away to people who are nice to him,” said Holden, the former chief security officer at U.S. brokerage R.W. Baird. “These credentials can be abused multiple times."
Whatever the hacker is after in this case, it does not seem to be cash, only asking for about $1 for the cache and able to be talked out of the dollar in favor of praise on hacker forums.
As for responses, only Microsoft had one amongst the international players breached.
“Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.”
Yahoo and Google did not respond to requests for comment.
Stolen online account credentials are to blame for 22 percent of big data breaches, according to a recent survey of 325 computer professionals by Cloud Security Alliance.