Independent Online

Sunday, August 14, 2022

Like us on FacebookFollow us on TwitterView weather by locationView market indicators

Russian hackers steal millions of email details

Published May 6, 2016

Share

Login details for more than 272 million Gmail, Hotmail and Yahoo! accounts are being traded by Russian cybercriminals, it has been revealed.

According to research from cybersecurity firm Hold Security, the majority of leaked login credentials relate to Mail.ru, Russia''s most popular email service.

Story continues below Advertisement

However, Reuters reports that millions of Google, Yahoo! and Microsoft email accounts have also been stolen, affecting internet users across the world.

It is one of the biggest stashes of stolen login credentials in internet history, and users are rightly worried.

Hold Security claims it came across the database on a Russian hacker forum, where one user was bragging that he had obtained the details for around 1.17 billion email accounts.

Story continues below Advertisement

After combing through the database, the company found the real number was much smaller, but some companies have still been badly hit. The cache reportedly contains 57 million Mail.ru accounts, affecting most of the service''s 64 million active users.

Stolen passwords can fetch a good price on the black market, but the Russian hacker was only asking for 50 roubles (around 52p) for the entire trove. He eventually handed the cache over to Hold Security researchers after they said they would post favourable comments about him on the internet, to stay in line with their policy of never paying for stolen data.

Speaking to the news agency, Hold Security founder Alex Holden said: This information is potent. It is floating around in the underground and this person had shown he''s willing to give the data away to people who are nice to him.

Story continues below Advertisement

These credentials can be abused multiple times, he added.

The stolen logins can obviously be used to access email accounts, but users who tend to have the same password for multiple websites are even more vulnerable.

Users concerned about the leak would be wise to change their passwords, start using different passwords for different accounts, and enrol in two-step verification on supporting sites.

Story continues below Advertisement

Now, Mail.ru is analysing the password database, to check if the entries actually match up to user accounts.

A Microsoft spokesperson said: Unfortunately, there are places on the internet where leaked and stolen credentials are posted, and when we come across these or someone sends them to us, we act to protect customers. Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account.”

The Independent has contacted Google and Yahoo! for comment. – The Independent

Related Topics:

Share