A security firm claims to have uncovered a huge cache of 272.3 million email user credentials relating to Google, Yahoo, Microsoft and Mail.ru accounts being sold on a Dark Web forum by a Russian hacker – and this is only a part of an even larger cache of 1.17 billion records collected from numerous other breaches no one yet knows about.
Hold Security, which has previously uncovered huge data breaches at US chain store Target, Adobe Systems and JPMorgan, routinely spends a lot of time talking to hackers in order to discover new information – trying to get cybercriminals to spill the beans without paying them any money, in order to return stolen records to their rightful owners.
Hackers often claim to have large amounts of stolen data, but to the security firm's surprise, the young Russian they spoke to posted on a forum that he would be happy to let go of 272.3 million credentials for just 50 rubles (£0.52, $0.80).
Hacker wanted just 50 rubles for millions of stolen credentials
But after talking to the hacker for several more days and interacting with him on social media, the Russian then revealed that he was actually sitting on 1.17 billion stolen records. The researchers are currently still trying to figure out where all the information came from.
"50 rubles is what the hacker wants for this incredibly large set of data. He can't be serious; based on today's exchange rate it is less than one US dollar. This greatly impacts the data's credibility and value, similar to an expensive sports car being sold for pennies at auction," the researchers wrote in a blog post.
"'I am just getting rid of it but I won't do it for free,' he replies. In all reality, 50 rubles is next to nothing, but we refuse to contribute even insignificant amounts to his cause. It is rather funny to negotiate over this, but finally the hacker just asks us to add likes/votes to his social media page (so much for anonymity)...and once he is satisfied with the results we get a link to an incredible 10 gigabytes in a compressed database, which takes us more than an hour to download."
Email credentials stolen from a major European telco
So far, the researchers have discovered that out of the 1.17 billion records, there are only 273.3 million unique credentials. They largely come from a major Eastern European communication firm, some medium-size online service providers and other unattributed data often peddled by hackers for easy cash. Also only 0.45% of the content is new, which means that most of the stolen data has already been identified.
Out of the 273.3 million unique credentials, 21% (57 million) were accounts from Mail.ru (a popular Russian email provider), 15% (40 million) were Yahoo Mail credentials, 12% (33 million) were Hotmail Microsoft Live email accounts and 9% (about 24 million) were Gmail accounts, Alex Holden, founder and chief information security officer of Hold Security, told Reuters.
Mail.ru told Reuters that it is currently analysing the data gained from Hold Security to see if active users have been compromised, while Microsoft said that email credentials do get stolen, but that it requires additional information to verify account users in order to prevent hackers and scammers from accessing email accounts.
IBTimes UK has contacted Yahoo and Google for comment and is waiting for a response.