Russia’s criminal underworld is now buying and selling several millions of hacked usernames and passwords from largely known email services.
It is stated that the discovery of the 272.3 million hacked accounts had also included a large majority of users that are utilizing Mail.ru / MAILRq.L. This happens to be Russia’s most popular choice for email services. Smaller fractions of the exploited information contains Google’s (Google.o), Yahoo (YHOO.O), and even Microsoft (MSFT.O) email users.
This is reported as one of the largest stashes of stolen credentials uncovered since the last Cyber Attacks hit the largely populated U.S. Banks, as well as other retailers just two years ago.
Hold Security has been known to previously uncover a couple of the world’s largest and biggest known data breaches. His breaches included affecting tens of millions of users that utilized Adobe Systems, JP Morgan, and even Target. He would then expose his breaches onto subsequent cyber-crimes.
Holden’s latest discovery followed after informing security researchers about a young Russian hacker boasting about his collection on an online forum. This young Russian hacker was about to give away a large number of stolen credentials, totaling up to 1.17-billion records.
After researching the information and eliminating any duplicate information, Holden proclaimed that the cache had in fact contained almost 57 million ‘Mail.ru’ accounts. This is a large chunk out of the reported 64 million monthly and active, users. The list also contained information about the three largest email providers in the world (Google, Yahoo, and Microsoft). This also included hundreds of thousands of other email accounts in German and Chinese email providers.
This unknown hacker had only asked for just 50 Roubles, which is just shy of $1, for the entire document. However, the hacker willingly gave up the trove of the dataset after Hold researchers had agreed to post favorable comments about him in a hacker forum. Holden stated that his research company policies refuses to pay for any stolen data.
Large-scaled data breaches are used to engineer even further break-ins as well as any phishing attacks. They can be engineered by researching the universe of contacts that may be tied into each of the compromised accounts, then multiplying the high-level risks of financial theft, and even reputational damage that is seen around the globe.
Hackers understand that typical web users have a tendency to cling onto their favorite passwords. This aids them in remembering their online accounts. Also, resisting admonitions in order to alter their login credentials on a regular basis, can make them a valuable target for online hackers. This is why hackers make good use of any and all old passwords that have been found on one account, to use on other accounts.
Since this breached exploit, Mail.ru informed Reuters that they are currently looking at all of the combinations of the usernames and passwords, in order to match current users email accounts.