A recent report found that millions of stolen usernames and passwords for Gmail, Yahoo, and Hotmail accounts are being traded in Russia’s criminal underworld. According to the report, about 272.3 million accounts were stolen, most of which belong to users of Mail.ru, Russia’s most popular email service. The rest of the accounts were stolen from users of Gmail, Yahoo, and Microsoft.
The data breach, uncovered by Alex Holden, founder and chief information security officer of Hold Security, is the largest of its kind since US banks and retailers were hit by cyber attacks two years ago. Reuters reported that Holden has previously uncovered a number of major data breaches that involved Adobe Systems, JP Morgan, and Target and exposed them to cyber crimes.
Researchers at Hold Security came across a Russian hacker on an online forum who was bragging about having collected a large amount of stolen data.
After eliminating duplicates, Holden put the total number of email accounts belonging to Mail.ru users at 57 million. The data also included a large number of credentials for Gmail, Yahoo, and Microsoft, as well as for German and Chinese email providers.
“This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him,” Reuters quoted Holden, the former chief security officer at US brokerage R.W. Baird, as saying. “These credentials can be abused multiple times.”
The hacker asked for less than US$1 for giving up the data, provided the Hold researchers posted positive reviews about him on the hackers’ forum.
A report by the Mail Online suggested a few guidelines for choosing passwords for email accounts. Passwords based on the names of particular sports, for example “football” or “baseball”, top the list of the worst choices. Birthdays and other dates of personal importance can be guessed easily with the help of the information provided in the user’s profile.