Russian Hacker Offered 272 Million Unique Email Credentials for a Dollar | Hacked: Hacking Finance
user

Russian Hacker Offered 272 Million Unique Email Credentials for a Dollar

Introduction

Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.


LATEST POSTS

Total Coverage 22nd August, 2017

ChronoPay Looks to Kickstart Bitcoin Adoption in Russia 29th May, 2017

Breaches

Russian Hacker Offered 272 Million Unique Email Credentials for a Dollar

Posted on .
This article was posted on Wednesday, 18:40, UTC.

In what constitutes a major data breach comprising of hundreds of millions of email account credentials belonging to service providers like Google, Yahoo and Microsoft, a security firm discovered one Russian hacker who was willing to sell over a billion records, for less than a dollar.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

Security firm Hold Security has claimed that it has discovered some 272 million accounts, now ‘recovered’ as a part of a bigger haul of 1.17 billion records amassed by a Russian hacker over time.

Hold Security has been at the center in uncovering some of the biggest known data breaches in recent times including the infamous Adobe Systems breach, as well as the JPMorgan and Target breaches.

In a new blog post, the firm revealed how they communicate with hundreds of hackers to constantly monitor any new information due to recent breaches.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

“We do not pay hackers for stolen data. If they have something new and valuable, we start our dance; ask, negotiate, finagle, anything permissible to get the data without rewarding the bad guys for their work,” Hold Security explained.

It is here when a Russian hacker claimed to have over 900 million credentials in one giant dump, which had even the skeptical researchers at Hold, intrigued.

After looking through samples, researchers concluded that the swarm of records is a collection of multiple breaches in which the hacker accumulated data over time.

What does the hacker want in return? 50 rubles. Or less than one US dollar.

A Dollar for One of the Largest Collections of Stolen Email Data

As mentioned above, Hold wasn’t going to pay anything to the hacker, even the relatively insignificant amount mentioned. Instead, the hacker sought fame and credibility and asked the security firm to like and vote his social media page. With that out of the way, the firm had 10GB of compressed data.

The initially discovered numbers show:

  • 917 million records.
  • 8 characters per credential on average.
  • 19 million unique credential pairs out of 80 million credentials starting with the letter “a”
  • Only 0.45% of the stash is new, or 1 out of 200 credentials.

With further communication and some extra voting on the hacker’s social media pages, more information was shared.

The numbers show:

  • An incredible 1.17 Billion stolen credentials.
  • 272 million unique credentials, a tremendous number of newly discovered stolen data.

As revealed by Reuters, who spoke to Hold Security founder and CISO Alex Holden:

  • 40 million or 15 percent of the 272 million unique IDs discovered belonged to Yahoo Mail.
  • 33 million or 12 percent were Microsoft Hotmail accounts.
  • 24 million or 9 percent were Gmail accounts.

Hold Security has already communicated the breach to organizations affected by it, an ongoing process which began 10 days ago.

If you have a Gmail, Yahoo or Microsoft email account, it’s time to change your password!

Hacked has reached out to Google, Yahoo and Microsoft for comment.

Featured image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.

Comments
  • user

    AUTHOR Omri Toppol

    Posted on 7:45 am May 5, 2016.

    That’s why you need LogDog app that guards your online accounts and gives you the peace of mind from these pasty hackers

  • View Comments (1) ...
    Navigation
    The team:
    Dmitriy Lavrov
    Analyst
    Dmitriy Lavrov is a professional trader, technical analyst and money manager with 10 years of trading experience. He covers Forex, Commodities and Cryptocurrencies. He is among the top 10 most Read More
    Jonas Borchgrevink
    Founder
    Jonas Borchgrevink is the founder of Hacked.com and CryptoCoinsNews.com. He is a serial entrepreneur, trader and investor. He shares his own personal journey on Hacked.com. // -- Discuss and ask Read More
    Mate Csar
    Analyst
    Trader and financial analyst, with 10 years of experience in the field. An expert in technical analysis and risk management, but also an avid practitioner of value investment and passive Read More
    Mati Greenspan
    Analyst
    Senior Market Analyst at Etoro.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Important: Never invest Read More
    Rakesh Upadhyay
    Analyst
    Rakesh Upadhyay is a Technical Analyst and Portfolio Consultant for The Summit Group. He has more than a decade of experience as a private trader. His philosophy is to use Read More
    Pamela Meropiali
    Account Manager
    Pamela Meropiali is responsible for users on Hacked.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Read More
    Joseph Young
    Journalist
    Joseph Young is a finance and tech journalist & analyst based in Hong Kong. He has worked with leading media and news agencies in the technology and finance industries, offering Read More
    In a campaign that sees activist and hacktivist collective Anonymous…