Massive email hack hits millions

“Hundreds of millions of hacked user names and passwords for email accounts and other websites are being traded in Russia’s criminal underworld, a security expert told Reuters,” Eric Auchard reports for Reuters. “The discovery of 272.3 million stolen accounts included a majority of users of (MAILRq.L), Russia’s most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users, said Alex Holden, founder and chief information security officer of Hold Security. It is one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major U.S. banks and retailers two years ago.”

“The latest discovery came after Hold Security researchers found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials that ended up totalling 1.17 billion records,” Auchard reports. “After eliminating duplicates, Holden said, the cache contained nearly 57 million accounts – a big chunk of the 64 million monthly active email users said it had at the end of last year. It also included tens of millions of credentials for the world’s three big email providers, Gmail, Microsoft and Yahoo, plus hundreds of thousands of accounts at German and Chinese email providers.”

“Yahoo Mail credentials numbered 40 million, or 15 percent of the 272 million unique IDs discovered. Meanwhile, 33 million, or 12 percent, were Microsoft Hotmail accounts and 9 percent, or nearly 24 million, were Gmail, according to Holden,” Auchard reports. “Thousands of other stolen username/password combinations appear to belong to employees of some of the largest U.S. banking, manufacturing and retail companies, he said.”

Read more in the full article here.

MacDailyNews Take: Massivity.

Hey, let’s be careful out there.

[Thanks to MacDailyNews Reader “Lynn Weiler” for the heads up.]


  1. As a techno, I’m consistently stunned at how poorly people, especially IT staff, understand modern technology. My great fear is that, because of the consequences of using the technology incorrectly or poorly, there will be a Luddite backlash against it. It would amount to: “We’re to tech-disabled to understand and use it correctly; Therefore, let’s burn it all down.”

    Hopefully, the kids growing up with it, who’ve developed an innate understanding of how it works and doesn’t work, will improve the state of technology and champion understanding and using it correctly.

    One of my favorite platitudes:
    Technology is a tool. If you ever find it is no longer a tool, you’re doing it wrong.

    That’s clearly the case with this ongoing deluge of server and client hacking around the world.

        1. So is most of my family. Part of my manifesto is to help technology out of the geek-only phase into the humane phase of usability. We’re still in ‘The Dark Age of Computing’. Hang in there!

      1. THAT is another issue. Frank Herbert (original author of the ‘Dune’ series of books) used the Butlerian Jihad as the backdrop of his future sci-fi universe. Those AI devices were still tools. But the enablement of laziness, the disablement of incentive caused the moribundity of mankind. The revolution against the ‘machine’ in that universe was a revolution against mankind’s own self-imposed stagnation and devolution. We’re, interestingly, in the same state around the world right now thanks to the parasites who puppet world governments, the sum who use short-term demands for ca$h for their enrichment at the expense of incentive, leading to long-term disaster worldwide. I’ll stop there before going all Cassandra on everyone. – – IOW: We could use a similar revolution right now, without blaming our machines for the problem. – – Or so I surmise after a long day. 😉

  2. Well, we did see this coming, but just didn’t want to talk about it.

    I use Gmail only for my eBay work, so I guess I’ld better sign in and change the password this morning.

    The days of only having one password for users is long over but most people don’t think about it that much.

    1. But these are passwords for email providers…

      Email is the one point of failure for internet security (if two-factor isn’t on)

      Once you get the email account it’s just a matter of resetting passwords…

  3. Why are the passwords stored in a manner that would enable them to even be recovered?

    If the password is forgotten there are reset mechanisms that don’t involve needing to know the previous passwords…

  4. “This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him,”

    I guess that gives us a clear idea on who won’t be getting the information.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.