You are using an older browser version. Please use a supported version for the best MSN experience.

272 million stolen email passwords for Gmail, Yahoo and Hotmail accounts being traded by Russian hackers

The Independent The Independent 5/05/2016 Doug Bolton

© Provided by Independent Print Limited Login details for over 272 million Gmail, Hotmail and Yahoo accounts are being traded by Russian cybercriminals, it has been revealed.

According to research from cybersecurity firm Hold Security, the vast majority of leaked login credentials relate to, Russia's most popular email service.

However, Reuters reports that millions of Google, Yahoo and Microsoft email accounts have also been stolen, affecting internet users across the world.

It's one of the biggest uncovered stashes of stolen login credentials in internet history, and users are rightly worried.

Hold Security claims it came across the database on a Russian hacker forum, where one user was bragging that he had obtained the details for around 1.17 billion email accounts.

After combing through the database, the firm found the real number was much smaller, but some companies have still been badly hit. The cache reportedly contains 57 million accounts, affecting a majority of the service's 64 million active users.

Stolen passwords can fetch a good price on the black market, but the Russian hacker was only asking for 50 roubles (around 52p) for the entire trove. He eventually handed the cache over to Hold Security researchers after they said they would post favourable comments about him on the internet, to stay in line with their policy of never paying for stolen data.

Speaking to the news agency, Hold Security founder Alex Holden said: "This information is potent. It is floating around in the underground and this person had shown he's willing to give the data away to people who are nice to him."

"These credentials can be abused multiple times," he added.

The stolen logins can obviously be used to access email accounts, but users who tend to have the same password for multiple websites are even more vulnerable.

Users concerned about the leak would be wise to change their passwords, start using different passwords for different accounts, and enrol in two-step verification on supporting sites.

Now, is analysing the password database, to check if the entries actually match up to user accounts.

A Microsoft spokesperson said: "Unfortunately, there are places on the internet where leaked and stolen credentials are posted, and when we come across these or someone sends them to us, we act to protect customers. Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account.”

The Independent has contacted Google and Yahoo for comment.

More from The Independent

The Independent
The Independent
image beaconimage beaconimage beacon