Massive Data Breach Hits Russian Users of Gmail, Yahoo and Hotmail — Russian Hacker Steals 250 million Email Addresses and Passwords and Puts them On Sale
This time, it is a massive data breach conducted successfully allegedly by Russian hackers. In the hack attack, around 250 million email addresses and passwords belonging to users of Yahoo, Google, Microsoft and Mail.ru (a Russian email service) in Russia have been stolen. These addresses are currently for sale on what Reuters terms as “Russia’s Criminal Underworld.”
The data breach was identified and reported by Alex Holden from Hold Security. Holden, while talking to Reuters, noted that his firm received information about a Russian hacker who stated that he possessed around 1billion email addresses, which he was willing to sell. This story also reminds us of a breach from 2013 when hackers stole 2 million passwords from Facebook, Gmail, Twitter and Yahoo.
“This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him,” identified Holden.
Holden further acknowledged that the list, after removing duplicate addresses, contained at least 57million of Mail.ru, 33million of Hotmail, 40 million of Yahoo and 24 million of Gmail addresses. Moreover, the list had thousands of email addresses of Chinese and German servers.
In this regard, when Microsoft was contacted, the company’s spokesperson stated that:
“Unfortunately, there are places on the internet where leaked and stolen credentials are posted, and when we come across these or someone sends them to us, we act to protect customers.”
57million of Mail.ru, 33million of Hotmail, 40 million of Yahoo and 24 million of Gmail addresses have been stolen
It was also clarified by Microsoft’s representative that the software giant has implemented exceptional security measures and is looking into the matter.
“Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account.”
According to a spokesperson from Google, their company was also trying to address the issue.
However, it is apparent that such data breaches that involve hundreds and thousands of unique addresses are becoming more and more common and widespread. One such large-scale incident of data breach happened in 2015 in which at least 100million people became targets of data hack including employees of high profile companies like J.P. Morgan and the Wall Street Journal. This particular data breach was the largest within the United States until now.