However, the bulk of them are from Russia’s Mail.ru platform, NBC reports.
Advertisement
A huge data breach has made more than 272 million e-mail accounts vulnerable. The passwords and usernames belonged to accounts from Russia’s largest e-mail provider, Mail.Ru, as well as to Gmail, Yahoo Mail and Microsoft Hotmail.
With the Russian hacker reportedly offering the stolen email credentials for sale on the so-called ‘Dark Web, ‘ Theresa Payton – CEO of cybersecurity firm Fortalice Solutions – said: “The data collection of consumers, the data collection of federal government employees, it’s very obvious that it’s targeted, that it’s orchestrated, and that there is multiple groups in play here”. Email accounts that don’t enable two-factor authentication-registering a phone number, for example, which must be verified before a user can change their password-are at far greater risk.
A odd recent transaction with a young Russian hacker left the security research firm Hold Security and the Russian with an enormous trove of compromised email addresses and passwords, the firm says. Based on the finding that nearly 23 percent of the supposedly compromised Mail.ru addresses didn’t exist, it may also be the case that the hacker who Hold Security said turned over the data padded an aging list of compromised credentials with credentials that never existed in the first place.
Hackers use stolen email information to lure users into giving away more information including birthdates, credit card numbers and bank account access.
This year’s annual Verizon Data Breach Investigations Report showed 63 percent of all breaches included the use of stolen credentials, up from 51 percent in last year’s report.
Experts agree that passwords should be changed regularly, as often as monthly. It is why attackers reuse old passwords found on one account to try to break into other accounts of the same user.
A Microsoft spokesman said stolen online credentials was an unfortunate reality.
Reuters reported yesterday that the stolen login data was first uncovered during an investigation by cybersecurity firm Hold Security. Of those, only 42 million were credentials Hold Security hadn’t seen before. A majority of usernames and password combinations that were stolen belonged to employees of the largest U.S. firms and banks.
But a spokesperson for Mail.ru dismissed the apparently hacked database as nothing more than a publicity stunt by Alex Holden of Hold Security, the researcher who claimed to have obtained it.
Mixing languages is another way to throw off hacking programs.
“Therefore, it is fair to assume that the sole goal of issuing the report was to create media hype and draw the public attention to Holden’s cyber security business”.
Advertisement
Hunt is the founder of data breach repository Have I Been Pwned, and said that in this instance, there is most likely not a breach. Because the hacker vacuumed up data from many sources, researchers have dubbed him “The Collector”.
