The security firm says that it found someone who claimed to have more than 1 billion hacked addresses up for sale.
Advertisement
Hundreds of millions of hacked usernames and passwords for some major email services are being traded in Russian crime circles, according to Reuters.
Hold discovered the breach when its researchers came across the hacker bragging in an online forum. The accounts include hacked passwords of users at Google, Yahoo, Microsoft and Mail.ru, one of Russia’s most popular email services.
Apparently being able to maliciously scrape millions of login credentials doesn’t automatically make you clever, because the hacker promptly handed the data over to Holden.
Hold Security refuses to pay for stolen information, but the data was handed over after the company agreed to post flattering comments about the hacker on a members-only forum. “It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him”, Holden told Reuters.
The company realized the haul was the result of a number of different breaches, especially since 42.5 million, or 15 percent of the credentials, it had never seen on the black market before, Holden said. After ruling out duplicates and inactive accounts, it was decided that approximately 272 million users were at risk. The last similar attack was made on the u.s. bank nearly 2 years back and since then, this problem has been treated with most urgency.
Hold Security has been contacting the email providers about the accounts which were compromised.
Hold Security, a Wisconsin-based security firm famous for obtaining troves of stolen data from the hacking underworld, announced on Wednesday, that it had persuaded a fraudster to give them a database of 272m unique email addresses along with the passwords consumers use to log in to websites. Also only 0.45% of the content is new, which means that most of the stolen data has already been identified.
The intelligence man is supplying the breached data to affected parties.
Advertisement
And the US federal government has also been hit by massive breaches lately. Yahoo and Google did not really pass any comments regarding the issue but we are quite sure that with this alarm that has been raised they must be working day in and day out to get a resolution at the earliest. “Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account”.
