One of the biggest and most significant hacks was revealed today. Apparently, Google, Yahoo and Hotmail accounts are among the stolen credentials currently being traded in Russia. A very large number of Mail.ru accounts have also been compromised.
Reuters broke the story and they spoke with Alex Holden, founder and chief information officer of Hold Security. He said, This information is potent. It is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him." He added, "These credentials can be abused multiple times."
Holden said that Hold Security researchers were alerted to the breach when a Russian hacker bragged online about a cache of stolen credentials which tops up at 1.17 billion records. After sifting through the files, Hold found out that included in the breach are 57 million Mail.ru accounts. Public statements from last year show that active monthly users of the mail provider are at 64 million-so a great majority of its users are in danger of fraud and other cyber attacks.
In addition to this, "tens of millions" of Gmail, Microsoft and Yahoo accounts were also part of the data dump. But it does not end there. Even unspecified German and Chinese email providers are included and combined they account for hundreds of thousands of entries. However, since it is apparently Hold Security's policy not to pay for stolen data, the hacker agreed to give the data dump in exchange for positive comments in hacker forums.
The risk of theft, phishing, break-ins and identity theft in multiple accounts multiplies the danger considerably since many people use the same password for their major accounts. Since email accounts are primary accounts, it is more than possible that banking and social media accounts can be hacked as well.
Mail.ru has also come out with a statement saying, "As soon as we have enough information we will warn the users who might have been affected." The email added that their initial checks have yielded no results for live combinations of usernames and passwords contained in the data dump.