
Cyber security alert as expert warns millions of Gmail, Hotmail and Yahoo email accounts have been hacked

The hacker was giving away data to people who were nice to him on online forums

Computer security experts uncovered 272.3 million stolen accounts

HUNDREDS of millions of hacked usernames and passwords for email accounts and other websites are being exchanged in Russia’s criminal underworld, a security expert told Reuters.

The discovery of 272.3 million stolen accounts affected Mail.ru, Russia’s most popular mail service, as well as Google, Yahoo and Microsoft users.

Alex Holden, founder and chief information security officer of Hold Security, uncovered the data breach.

Hold Security researchers spotted a young Russian hacker bragging in an online forum that he had collected stolen credentials totalling 57 million Mail.ru accounts.

It also included tens of millions of credentials for Gmail, Microsoft and Yahoo, plus hundreds of accounts belonging to Chinese and German email providers.

It affected Mail.ru, Russia’s most popular mail service, as well as Google, Yahoo and Microsoft users

Holden said: “This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him.

“These credentials can be abused multiple times.”

The hacker asked for just 50 roubles – less than $1 – for the entire trove, but gave up the data after Hold researchers agreed to post favourable comments about him in forums.

He told the hacker it was company policy not to pay for stolen data.

These data breaches can be used to engineer further break-ins by targeting the contacts of each compromised account.

After being informed of the potential breach, Mail.ru spokeswoman Madina Tayupova told Reuters: “We are now checking whether any combinations of usernames and passwords match existing emails.”

A Microsoft spokesman said: “Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.”

Thousands of other stolen username and password combinations belong to employees of some of the largest US banking, manufacturing and retail companies.

In 2014, Holden uncovered a cache of 1.2 billion unique credentials that marked the world’s biggest ever recovery of stolen accounts.

His firm analyses cyber threats in forums and chatrooms, speaking to hackers in their unique languages while developing profiles of criminals.