More than 250 million passwords and email usernames have been violated and are now available to cybercriminals.
This massive data breach affects many email addresses on the popular Russian Mail.ru service, as well as Google, Yahoo and Microsoft account details. The discovery was made by security researchers from Hold Security, a company that specializes in data theft detection. Alex Holden, the founder and chief information security officer of the company officially reported the news.
Hold Security researchers came across a Russian hacker, who was bragging in an online forum that he has more than 1 billion stolen credential records and is ready to sell them. After detecting the duplicates, the total amount of hacked addresses included 57 million Mail.ru, 40 million Yahoo, 33 million Hotmail and 24 million Gmail account credentials. However, these are not the full list of compromised accounts.
In addition to this, there are thousands of email account credentials from German and Chinese email servers as well. According to the analysis, most of the accounts appear to be username and password combinations used by employees of some famous and large US banks, as well as manufacturing and retail companies.
Holden explained that this data leakage is a real threat, especially when floating around in the underground web. The Russian hacker seems to be ready to give it away to other malicious actors without any hesitation. In his blog post, Holden shares how his company was surprised by the huge amount of credentials acquired by the hacker. Most probably the data have been collected not with a single attack, but accumulated as a result of many different breaching hacks. Such a massive collection of account credentials, however, has not been seen in the underworld hacking scene ever before.
Security experts advise that if the victims of this massive email credential theft suspect they are compromised, they should change their passwords as soon as possible. Unchanged, stolen credentials can get in the hands of some malicious actors and be used for criminal activities.