Hackers Steal Passwords From 272 Million Accounts

We did some digging and found out the affected accounts come from Gmail, Hotmail and Yahoo email users.

The details, which are not encrypted, include the users’ email addresses and passwords, allowing anyone, even those without any technical knowledge, to enter unimpeded into the victims’ email accounts.

“Some people use one key for everything in their house,” Hold Security founder Alex Holden says.

The stolen accounts include data from Russia’s most popular email service and smaller fractions of Google, Yahoo and Microsoft email users, said Alex Holden, founder and chief information security officer of Hold Security, who called it “one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major U.S. banks and retailers two years ago”.

Surprisingly, Hold Security managed to acquire the data at no cost at all.

Holden and his team looked at the data, and after removing duplicates they found that the cache held almost 57 million Mail.ru accounts, which is fairly big considering that there are 64 monthly active users of the Mail.ru service. 272 million of those credentials turned out to be unique, which in turn translated to 42.5 million credentials – 15% of the total that we have never seen before.

The thefts involved some of the biggest email providers in the world such as Google, Yahoo, Hotmail and Microsoft.

Users concerned about the leak would be wise to change their passwords, start using different passwords for different accounts, and enrol in two-step verification on supporting sites.

The hacker asked for less than $1 for a copy of the entire data set, which Hold Security refused to pay due to its company policy.

Mail.ru was informed about the potential data breach by the Russian hacker and, in response, issued a statement saying it was checking whether any of the combinations in the stolen data stash matched any active users’ credentials.

“This information is potent. These credentials can be abused multiple times,” Holden said.

A Microsoft spokesman said: “Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access”.
