Holden has previously uncovered other large data breaches, including a cache of 1.2 billion unique credentials in 2014-the world’s biggest-ever recovery of stolen accounts.
Advertisement
According to the report from Reuters, about 40 million of the credentials came from Yahoo Mail, 33 million were from Microsoft’s Hotmail, roughly 24 million from Gmail, and nearly 57 million were from Mail.ru.
Alex Holden, founder and chief information security officer of Wisconsin-based Hold Security, said, “This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him”, said Holden to Reuters.
The company said in a statement credentials tied to its email accounts appeared to have been stolen from other, unrelated sites such as social networks or e-commerce sites that ask users to sign up using email addresses like Mail.ru and pick passwords, which most often will not be the same as those for the email accounts.
Meanwhile, recommending that people with personal email accounts should change their passwords following the hack, cybersecurity experts have explained that stolen email credentials can be used by hackers to entice users to give away more details, including birthdates, credit card numbers and bank account access. Interestingly, Google also accounted for 24 million or 9% of the total credentials despite claiming user’s security as the top most priority.
Usernames and passwords for the world’s largest email services have surfaced, following an investigation by a security analyst who picked up the trove from a notorious hacker. These emails were most likely to be collected from different website.
Holden has a credible record of uncovering serious breaches in the past, which affected millions of individuals of JPMorgan, Target, and Adobe Systems. That’s less than $1, according to Reuters. “[Using] a single desktop or mobile app they connect message platforms like social media [such as] VK, and Facebook, ICQ, Jabber, Google Talk, mail.ru chat, ectera”.
However, not every email service provider looked shaken from the news; Mail.ru requested its users to stay calm and composed as the leaked credentials containing the email and password combinations didn’t work after Mail.ru ran its first test.
Advertisement
A Yahoo spokesperson said the company had obtained a sample of Hold Security’s data and does not believe “there is any significant risk to our users based on the claims shared with the press”. Holden calls the particular hacker who supplied the information, “The Collector”, because he or she seems to compile sets of hacked information into giant collections for sale. “Even slight changes within a password are an effective tool at safeguarding your data when there is a massive breach”, said Young.
