Millions of Stolen Email Credentials Shared Online

• By Sydny Shepard
• May 05, 2016

Hundreds of millions of stolen user names and passwords belonging to email accounts and other websites are being traded online in Russia, security experts have found.

The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia’s most popular emailing service, and smaller fractions of Google, Yahoo and Microsoft email users, Hold Security reported, making it one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major U.S. banks and retails two years ago.

The discovery was found when Hold Security researchers found a young Russian hacker bragging in an online forum. He said that he had collected 1.17 billion account credentials and was ready to give them away.

The hacker asked for just 50 roubles – less than $1 – for the entire database, but gave up on receiving the money in exchange for Hold Security to post favorable comments about him on a few online forums.

Email account credentials can be used various ways. They can be used to conduct phishing attacks that can infect a user’s universe of email contacts. Hackers also know that the majority of people are tied to single passwords of variations of the same password, so they can login to an email account and see which websites you are associated with and try to break into those, too, compromising personal and financial information.

Mail.ru told Reuters that they are currently checking if the combinations of usernames and passwords match users’ emails. For now, the accounts they have found in connection to the database are not active.