Gmail, Yahoo and Hotmail users should be on high alert right now as a new report has brought to light that hundreds of millions of usernames and passwords are being stolen and exchanged online by Russian hackers. Over 272.3 million email accounts have been compromised due to a recent assault, easily making it one of the biggest international cyber attacks in recent times.
Hold Security, the security firm which uncovered the breach, says that a majority of the people affected belonged to Russia’s popular Mail.ru email service. Of the total number, 57 million were Mail.ru users, 40 million were Yahoo patrons, 33 million were Hotmail members, 24 million were Gmail consumers, and the rest were German and Chinese accounts.
While the findings are pretty disturbing, what makes things worse is the fact that a young Russian hacker had all this information at his fingertips. As described in a post on its website, a Hold Security analyst found the man boasting that he had stolen nearly 900 million credentials in an online forum.
Also See: Yahoo Now Alerts Users to Govt-backed Attacks
In a strange twist of events, the Russian was ready to give away his treasure trove for just 50 roubles, translating to less than a dollar. Hold Security doesn’t pay hackers for any kind of information, so the parties agreed to a deal where the firm would leave likes/votes to his social media page in exchange for the approximately 10GB of stolen data.
The team continued to pursue the hacker in this manner and eventually found that he had amassed over 1.17 Billion login credentials. While a number of these were later confirmed to be duplicates, the 272 million left over still marks a pretty massive security breach. Thousands of these apparently belong to US citizens working in some of the biggest US retail, banking and manufacturing companies.
Hold Security has now gone ahead and started informing the affected email services about the issue. Microsoft told Reuters that it has security measures in place to find out if an account has been compromised and will ask for further information to verify an account owner in case it occurs. Gmail and Yahoo haven’t commented on the attack yet.
If you’re worried your account has been exposed, the best thing to do would be to change your password and set up two-step authentication for additional security.