“Hundreds of millions of hacked user names and passwords for email accounts and other websites are being traded in Russia’s criminal underworld, a security expert told Reuters,” Eric Auchard reports for Reuters. “The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru (MAILRq.L), Russia’s most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users, said Alex Holden, founder and chief information security officer of Hold Security. It is one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major U.S. banks and retailers two years ago.”
“The latest discovery came after Hold Security researchers found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials that ended up totalling 1.17 billion records,” Auchard reports. “After eliminating duplicates, Holden said, the cache contained nearly 57 million Mail.ru accounts – a big chunk of the 64 million monthly active email users Mail.ru said it had at the end of last year. It also included tens of millions of credentials for the world’s three big email providers, Gmail, Microsoft and Yahoo, plus hundreds of thousands of accounts at German and Chinese email providers.”
“Yahoo Mail credentials numbered 40 million, or 15 percent of the 272 million unique IDs discovered. Meanwhile, 33 million, or 12 percent, were Microsoft Hotmail accounts and 9 percent, or nearly 24 million, were Gmail, according to Holden,” Auchard reports. “Thousands of other stolen username/password combinations appear to belong to employees of some of the largest U.S. banking, manufacturing and retail companies, he said.”
Read more in the full article here.
MacDailyNews Take: Massivity.
Hey, let’s be careful out there.
[Thanks to MacDailyNews Reader “Lynn Weiler” for the heads up.]