A prominent security researcher told Reuters that he acquired a database containing records of stolen email accounts hacked by a Russian teen hacker in exchange for an online forum review. The stolen information contains usernames and passwords including those from Gmail, yahoo Mail and Microsoft email providers.
Holden said: "This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him. These credentials can be abused multiple times."
After possessing the breached information, Hold Security scanned through the 1.17 billion records and extracted a total of 272.3 million individual email accounts' usernames and passwords. The security firm also said that the largest quota of the stolen information was found to be from Mail.ru, which is the biggest Russian email service provider with over 64 million active users.
Other popular global email service providers were also affected in the breach. Yahoo Mail reportedly has 40 million email credentials affected, 33 million from Microsoft Hotmail and Gmail with about 24 million stolen login details. Some popular email service providers from Germany and China were also involved, although, no further detail was given."
The affected individuals in the breach were found to be top employees in some of the largest U.S. banking, manufacturing and retail companies. However, Microsoft which had 33 million said individual accounts denied such claims; they emphasized that their two-step verification process will not allow such breaches. Gmail and Yahoo who are also massively affected, have as yet failed to make any public statements. Holden has said that he has personally been informing the affected organizations and companies about this incident.
Holden further added this in an interview with Reuters, “This information is potent, it is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him. These credentials can be abused multiple times."
While compromising email login details provided by the likes of Gmail and Yahoo seems almost impossible, it is likely the login credentials were collected from less secured websites where their users use email usernames and passwords for membership login.
Hold security founder, Holden added that, "Some people use one key for everything in their house, some people have a huge set of keys that they use for each door individually."
At the moment, Holden said there is no provision where concerned consumers could check if their emails have been affected through his firm. He attempted implementing something of this nature in another 1 billion login credentials hack in 2014 but the decision left his site crashed.
In the end, IT security experts recommend that users of the affect breach should change their passwords as soon as possible or at least ensure that they are using the two-step verification process. Concerned users who are not sure whether they are affected can as well take same action by updating their login details.
Article Source: Trinesty