272m hacked user names and passwords traded by Russian underworld
Hold Security is known for such record recoveries, including work with investigative reporter Brian Krebs to recover the Adobe user database of 153 million records, then 360 million records in February 2014, and finally the uncovering of 1.2 billion credentials stolen by a Russian cyber gang in what Hold Security calls the most substantial breach known to date. “Some are claiming that the data is mostly useless, and with all of the caches of stolen credentials hiding in the Internet undergrounds, it would not surprise me to see scammers attempting to sell useless data”.
The user names and passwords were being offered for sale on the so-called “dark web” where hackers hawk their goods.
“We have no reason to believe that Mail.ru was breached directly, but these credentials could have been stolen from other sites which may hold private data of the users”, Holden wrote.
According to the report from Reuters, about 40 million of the credentials came from Yahoo Mail, 33 million were from Microsoft’s Hotmail, roughly 24 million from Gmail, and nearly 57 million were from Mail.ru.
According to Alex Holden, the founder and chief information security officer at Hold Security, “This information is potent”.
Jonathan Cran at Bugcrowd said in an email to SCMagazine.com the emails could still prove useful, but “the half-life of stolen credentials is decreasing as SaaS providers such as mail.ru or Gmail get faster at invalidating them”. “Millions of passwords stolen from Google and Yahoo users in major security breach”, ran the Daily Mail's headline. Because the hacker vacuumed up data from many sources, researchers have dubbed him “The Collector”.
Those services could allow users to sign in with their email address but not necessarily the same password they use with Gmail, for instance. “[Using] a single desktop or mobile app they connect message platforms like social media [such as] VK, and Facebook, ICQ, Jabber, Google Talk, mail.ru chat, etcetera”. “It is not unusual that most people still reuse credentials across different services, but almost a 75% overlap is substantial”, the company wrote in its report on the incident. Also, the fact that all this data, which could lead to more hacks and identity theft if legit, was being sold for only $1 makes it even more likely that these are credentials culled and accumulated from older data breaches.
About 43 percent of the 34 million credentials relate to users who signed on with mail.ru email addresses.
“Those are being processed and distributed to companies and individuals who can secure their systems against abuse”, Hold Security said.
“There are over 42,000 credentials from the .ie domain in the recovered data”, Mr Holden told the Irish Independent.
The discovery was made by researchers at Hold Security, a cybersecurity firm that specializes in Eastern European cybercrime.