Hacker sells 272 million Google, Yahoo and Hotmail email accounts online

Criminals could hack into the email accounts or send phishing attacks

Gmail app icon

The usernames and passwords of 272.3 million Google, Yahoo and Hotmail email users have been stolen and are now being sold online - most commonly between Russian criminals.

Victims' details could be used to break into their email accounts or to launch phishing attacks seeking further information such as bank details, Alex Holden, founder and chief information security officer of Hold Security, who discovered the breach, told Reuters, saying it is one of the biggest stashes of stolen credentials to be discovered in two years.

Advertisement - Article continues below

The email addresses affected include those hosted on Mail.ru, Google, Yahoo and Microsoft, with the Russian-hosted provider being worst hit. In fact, Holden believes 57 million accounts in use with that particular .ru domain are affected, accounting for more than 90 per cent of the company's total active users.

A total 15 per cent of the details stolen related to Yahoo email accounts, 12 per cent were Microsoft Hotmail accounts and nine per cent were Gmail email addresses.

The hacker who stole the details charged just 50 rubles (50p) for the entire collection of email details, although he is not averse to giving the database away for free to those who offer to post positive feedback about him or her on forums.

Advertisement - Article continues below

"This information is potent. It is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him," Alex Holden, founder and chief information security officer of Hold Security, said. "These credentials can be abused multiple times."

Advertisement - Article continues below

Holden said his researchers received the entire bank of data for free when his researchers sweet-talked the criminal in hacker forums.

Mail.ru said in a statement: "We are now checking, whether any combinations of usernames/passwords match users' e-mails and are still active. As soon as we have enough information we will warn the users who might have been affected."

Microsoft added: "Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access."



cyber security

Hackers torn over how to adapt their tactics to the coronavirus pandemic

3 Apr 2020

Most Popular


Google releases location data to show effectiveness of coronavirus lockdowns

3 Apr 2020
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020

These are the companies offering free software during the coronavirus crisis

2 Apr 2020