Security experts have gained access to a treasure trove of stolen email accounts being traded in Russia’s criminal underworld. The millions of accounts are mainly from Mail.ru, Russia’s most popular email service, but also include a slightly smaller percentage of accounts from Microsoft, Google, and Yahoo.
This latest discovery occurred after security firm Hold Security contacted a young Russian hacker who happened to be bragging in an online forum. The hacker claimed to be in possession of over a billion stolen accounts, and was prepared to just give them away to people he liked.
The hacker had originally asked for 50 roubles (about RM3) for the entire collection of accounts, but agreed to share them with the researchers in exchange for a little publicity on hacker forums.
While the actual number of accounts was closer so 273 million, it did reveal the extent of a massive data breach from the world’s most popular email services. Some 40 million Yahoo accounts, 33 million Hotmail accounts, and 24 million Gmail accounts were discovered; although it is unknown how these credentials were obtained.
The source of the database could not reveal where the data breach happened, as the hacker appears to have simply collected the information from many separate sources. However, it is an indication of a larger problem with how people treat their online security.