Security & Fraud

Hundreds Of Millions Of Accounts Compromised In Major Email Hack

Usernames and passwords are being traded by the millions around Russia's criminal underworld — evidence of one of the largest breaches in history.

According to reports, 272.3 million stolen accounts have been identified — the majority of which belong to users of, Russia’s most popular email service. The remaining accounts came from the expected international sources — Google, Microsoft and Yahoo — noted Alex Holden, founder and chief information security officer of Hold Security.

Hold discovered the latest breach after finding a Russian hacker bragging about the large number of email credentials he had amassed, as well as his plan to give them away. All in, that initially totaled around 1.17 billion records.

Once that list is paired down for duplicates, one finds 57 million accounts, as well as millions of Google, Yahoo and Microsoft accounts.

“This information is potent. It is floating around in the underground, and this person has shown he’s willing to give the data away to people who are nice to him,” said Holden, the former chief security officer at U.S. brokerage R.W. Baird. “These credentials can be abused multiple times."

Whatever the hacker is after in this case, it does not seem to be cash, only asking for about $1 for the cache and able to be talked out of the dollar in favor of praise on hacker forums.

As for responses, only Microsoft had one amongst the international players breached.

“Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.”

Yahoo and Google did not respond to requests for comment.

Stolen online account credentials are to blame for 22 percent of big data breaches, according to a recent survey of 325 computer professionals by Cloud Security Alliance.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.

Click to comment