Russian Hackers Have 270 Million Email Logins, Including Gmail and Yahoo Accounts
Gizmodo: A report from Reuters suggests that over 270 million hacked email credentials—including those from Gmail, Hotmail and Yahoo—are circulating among Russian digital crime rings.
Reuters reports that an investigation by Hold Security revealed the huge stash of login details, which are said to be traded among criminals. Many of the credentials relate to the Russian email service Mail.ru, but the team has also identified details from Google, Yahoo and Microsoft.
Update: There may, however, not be too much cause for concern, as Motherboard points out that the data may in fact be taken from a series of older hacks, which means the credentials are likely useless.
The team from Hold Security was offered a tranche of 1.17 billion email user records in an online forum, and asked to pay just $1 for a copy of the data. The team refused to pay for stolen data, but was given the information anyway when it offered to post positive comments about the hacker online.
The team has since sifted through the data set to remove duplicates, revealing that it contains 270 million unique records. Alex Holden, the founder of Hold Security, told Reuters that the data was “potent,” adding that the “credentials can be abused multiple times.”
Hold Security has apparently alerted all of the affected email providers. Mail.ru, Google, Yahoo and Microsoft are all now investigating the situation.
A Microsoft spokesperson told Gizmodo that “unfortunately, there are places on the internet where leaked and stolen credentials are posted,” adding that it “has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account.”
It may be that the stash is out of date and doesn’t present too much of a security threat—though, of course, it could be a new pool of data, in which case the accounts included in the tranche could be at risk. Initial reports to the BBC from Mail.ru suggest that, from a sample of the records, there may not be many live email-password combinations in the data.
But it may be a good time to refresh your password anyway.
****
In a Wednesday statement, Mail.ru said its early analysis suggests many username/password combinations contain the same username paired with different passwords.
“We are now checking whether any username/password combinations match valid login information for our email service, and as soon as we have enough information we will warn the users that might have been affected,” the Russian service said.
The cache reportedly included tens of millions of certificates for Google Gmail, Microsoft Hotmail, and Yahoo Mail, as well as German and Chinese email providers.
“Unfortunately, there are places on the Internet where leaked and stolen credentials are posted, and when we come across these or someone sends them to us, we act to protect customers,” a Microsoft spokeswoman told PCMag. “Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account.”
Google declined to comment, while Yahoo did not immediately respond to PCMag’s request.
The junior hacker—either inexperienced in the art of haggling, or just too rich to care—asked for only 50 rubles in exchange for the “incredibly large set of data.” Equivalent to about 75 cents, the payment request did little to boost Hold Security’s confidence in the data’s credibility and value. The move was “similar to an expensive sports car being sold for pennies at auction,” the firm said.
Hold refused to pay and convinced the hacker to trade the data for likes/votes on his social media page.
“At the end, this kid from a small town in Russia collected an incredible 1.17 billion stolen credentials from numerous breaches that we are still working on identifying,” Hold Security said. More from PC Magazine.
*****
A shocking report from FireEye Inc., a California security firm with top government connections, along with three other reports, has revealed the existence of a Russian-based hacker group that appears to be a joint effort by the Russian government and the Russian Mafia, The Wall Street Journal reports.
Terming the hacker attack “Sofacy” or “APT28,” the computer anti-hacking firm’s report, called “A Window Into Russia’s Cyber Espionage Operations,” notes, “We assess that APT28’s work is sponsored by the Russian government.” APT28 is more technically sophisticated than the Chinese hacking efforts earlier detected and exposed by FireEye, the report states.
“I worry a lot more about the Russians” than about China, James Clapper, director of national intelligence, said at a University of Texas forum, the Journal reports. More from NewsMax.