Email Credentials Stolen, Here’s What You Can Do

Andrew Orr In the News

In a stunning leak, a Russian hacker known as “the Collector” has published millions of stolen email accounts for Gmail, Yahoo and Microsoft. The total number of records reaches 1.17 billion.

Further Reading

InfoSec 101: How To Set Up Two-Factor Authentication

InfoSec 101: How To Create a Secure Password

Security Breach

A report by Hold Security says its cyber security team has looked at over 272 million accounts so far. Of those, the team had never seen 42.5 million before. A large number of accounts came from Mail.ru, Russia’s most popular email service.

Initially, the hacker bragged about the leaks in an online forum. He originally asked Hold for 50 rubles for the 10GB data trove – about $0.75. Eventually, he shared the data in exchange for likes and votes for him on social media.

Hold’s policy is to refuse to pay for stolen data. It’s incredible that the hacker was willing to sell the data for so trivial an amount. This makes it seem as if he already used the accounts for whatever bad intention he had.

Account Data Numbers
  • Mail.ru: 57 million
  • Yahoo: 40 million
  • Hotmail: 33 million
  • Gmail: 24 million

Other accounts, numbering in the thousands, come from U.S. employees in banking, manufacturing/retail, and hundreds of thousands from German and Chinese account providers. Alex Holden, founder and CIO of Hold Security, told Reuters,

“This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him. These credentials can be abused multiple times.”

Once a hacker gets their hands on this kind of data, they can do serious damage. Phishing attacks are one example. The hacker can go through all of the contacts in your email account and target your friends and family.

Image credit: Pixabay


Company Statements

Responding to these breaches, Microsoft and Mail.ru both issued statements. A spokesperson for Microsoft said,

“Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.”

While Mail.ru said,

“We are now checking, whether any combinations of usernames/passwords match users’ e-mails and are still active. As soon as we have enough information we will warn the users…”

Hold Security’s Routine

The security company says they recover about 100 million stolen credentials every month. This is a hard task to accomplish. The team performs automated harvesting, but this isn’t enough. They keep in contact with hundreds of hackers, trying to find out if they have new information.

Again, the company refuses to pay for stolen data. So when one of their contacts has new and valuable info, they start a process. Similar to haggling, they “ask, negotiate, finagle, anything permissible to get the data without rewarding the bad guys for their work.”

Writing to the hacker, security analysts remain skeptical of claims (and rightly so). “Well isn’t it an interesting claim, I’ll believe it when I see it.” This hacker is willing to brag about his exploits. He provides samples of the data. But verifying this data is hard work. The average unencrypted email address and password pair is 29 characters long.

Image credit: Pixabay


When the analysts look at a random sample, the distributions of accounts by countries, email providers, and big corporate addresses are almost always identical. It takes a while to confirm that it’s a collection of several breaches happening over time.

When comparing this new breach to their database, Hold found that only 0.45% of the data was new, or 1 out of 200 accounts. Most of the data is old, and it’s possible that affected people/businesses have already secured their accounts.

After this first data cache, Hold realized the hacker had more info. After more talking and haggling, the hacker – a kid from a small Russian town – collected 1.17 billion stolen accounts. These came from multiple breaches. The 0.45% of new accounts rose to 15% for a total of 42.5 million newly hacked accounts.

What To Do

If you have a Hotmail, Yahoo, Gmail or Mail.ru account, change your password. Then change your security questions. If you haven’t already done so, use two-step authentication whenever you can. LiquidVPN has guides for all of these, which you can find above in the Further Reading section.

Use a password manager whenever possible. Hold Security found that roughly 75% of people use the same password for multiple accounts. If you use a different password for each account, your other accounts won’t be compromised if one gets hacked.

There is a great website called HaveIBeenPwned that can also help. It provides a simple way to see if your email was compromised in a data breach. Just type your email or username in the search box and it will search thousands of websites.
