Hold Security finds hacker trying to offload stash of 272.3 million stolen email account credentials
Details of millions of hacked Google, Yahoo, and Microsoft email accounts have appeared online, where a Russian hacker was attempting to sell them on an online forum.
The 272.3 million stolen accounts mostly consisted of credentials for Mail.ru, Russia’s largest email service, according to Reuters.
But the security researcher who uncovered the stash of email credentials said that Google, Yahoo, and Microsoft email accounts were also up for sale.
1.17 billion records
Alex Holden, founder of Hold Security, told the agency that he and his team of researchers found a Russian hacker boasting on a forum that he was ready to offload a batch of stolen email credentials, consisting of 1.17 billion records. Those credentials included the 272.3 million stolen email accounts.
After a process of deleting duplicate records, Holden told Reuters he ended up with almost 57 million Mail.ru accounts, a significant proportion of Mail.ru’s 100 million active users.
The dump of data also contained “tens of millions” of credentials for Gmail, Microsoft, and Yahoo email accounts, along with hundreds of thousands of other accounts associated with Chinese and German email providers.
TechWeekEurope is awaiting response from Microsoft, Google, and Yahoo.
“This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him,” Holden is quoted as saying.
“These credentials can be abused multiple times.”
But in the end, the hacker gave up the stash of credentials for free, on the basis that Holden and Hold Security would give praise to the hacker in online forums for allegedly obtaining the data in the first place.
Holden told TechWeekEurope today that his main concern is how little value the hacker attaches to the data, given its potential potency.
“If he gave away this data to us, he might have done it countless other times to different groups of hackers which may abuse or repost this data in many different malicious ways,” he said.
A Mail.ru spokesperson, after being told about the breach, told the agency: “We are now checking whether any combinations of usernames/passwords match users’ e-mails and are still active.
“As soon as we have enough information we will warn the users who might have been affected,” she said, adding that Mail.ru’s initial checks found no live combinations of usernames and passwords which match existing emails.
According to Holden, there were 40 million Yahoo Mail credentials involved in the breach. Microsoft Hotmail accounts made up 33 million of the credentials, with 24 million belonging to Gmail users. Alongside these, thousands of other login credentials were found that belong to employees in some of the biggest US manufacturing, banking, and retail companies.
“50 rubles is what the hacker wants for this incredibly large set of data. He can’t be serious; based on today’s exchange rate it is less than one US dollar. This greatly impacts the data’s credibility and value, similar to an expensive sports car being sold for pennies at auction,” Hold Security said in a blog post.
“‘I am just getting rid of it but I won’t do it for free’, he replies. In all reality, 50 rubles is next to nothing, but we refuse to contribute even insignificant amounts to his cause. It is rather funny to negotiate over this, but finally the hacker just asks us to add likes/votes to his social media page (so much for anonymity). That we can do, and once he is satisfied with the results we get a link to an incredible 10 gigabytes in a compressed database, which takes us more than an hour to download.
“Within several days of communication and after a couple more strategically timed votes on his social media pages, he shared more useful information.
“At the end, this kid from a small town in Russia collected an incredible 1.17 billion stolen credentials from numerous breaches that we are still working on identifying. 272 million of those credentials turned out to be unique, which, in turn, translated to 42.5 million credentials – 15 percent of the total – that we have never seen before.”
It was 2014 when Holden and his team found a cache of 1.2 billion stolen credentials in the world’s largest ever case of stolen accounts.
According to research by Hold Security, a group dubbed ‘CyberVor’ (‘CyberThief’ in Russian) had been using several botnets to automate the process of scanning for vulnerabilities such as SQL injection flaws. Later, they simply attacked the websites which were proven to be vulnerable to gain access to the credentials.