Hacker sells 272 million Google, Yahoo and Hotmail email accounts online

Criminals could hack into the email accounts or send phishing attacks

Gmail and YouTube icons on a smartphone screen

The usernames and passwords of 272.3 million Google, Yahoo and Hotmail email users have been stolen and are now being sold online - most commonly between Russian criminals.

Victims' details could be used to break into their email accounts or to launch phishing attacks seeking further information such as bank details, Alex Holden, founder and chief information security officer of Hold Security, who discovered the breach, told Reuters, saying it is one of the biggest stashes of stolen credentials to be discovered in two years.

The email addresses affected include those hosted on Mail.ru, Google, Yahoo and Microsoft, with the Russian-hosted provider being worst hit. In fact, Holden believes 57 million accounts in use with that particular .ru domain are affected, accounting for more than 90 per cent of the company's total active users.

A total 15 per cent of the details stolen related to Yahoo email accounts, 12 per cent were Microsoft Hotmail accounts and nine per cent were Gmail email addresses.

The hacker who stole the details charged just 50 rubles (50p) for the entire collection of email details, although he is not averse to giving the database away for free to those who offer to post positive feedback about him or her on forums.

"This information is potent. It is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him," Alex Holden, founder and chief information security officer of Hold Security, said. "These credentials can be abused multiple times."

Holden said his researchers received the entire bank of data for free when his researchers sweet-talked the criminal in hacker forums.

Mail.ru said in a statement: "We are now checking, whether any combinations of usernames/passwords match users' e-mails and are still active. As soon as we have enough information we will warn the users who might have been affected."

Microsoft added: "Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access."

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
Hackers sell $38 million in gift cards on Russian marketplace
hacking

Hackers sell $38 million in gift cards on Russian marketplace

7 Apr 2021
Personal data of 533 million Facebook users found on hacking forum
data protection

Personal data of 533 million Facebook users found on hacking forum

5 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021