Yahoo and Google thus far have not responded to Holden’s revelations. As soon as we have enough information we will warn the users who might have been affected.” It also said that its initial checks found no live combinations of usernames and passwords which match existing accounts.Ī Microsoft spokesman said: "Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access." said in a statement that it’s investigating the claim: "We are now checking, whether any combinations of usernames/passwords match users' e-mails and are still active. "These credentials can be abused multiple times. It is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him," said Holden. Most concerningly, he seemed to be in it for the notoriety: Not only was he asking just 50 rubles for the whole shebang (less than $1), but he also quickly gave up the war chest to Hold Security in return for a promise to “post favorable comments about him in hacker forums,” according to Holden. The discovery came after Hold Security researchers found a young Russian hacker bragging about the heist in an online forum. And, thousands of other stolen username/password combinations appear to belong to employees of some of the largest US banking, manufacturing and retail companies, he said. Meanwhile, 33 million, or 12%, were Microsoft Hotmail accounts and 9%, or nearly 24 million, were Gmail, according to Holden.Īlso included are a majority of users of, Russia's most popular email service-totaling 57 million compromised accounts. These include Yahoo Mail credentials, which numbered 40 million, or 15% of the 272 million unique IDs discovered.
Hundreds of millions of hacked usernames and passwords for some of the world's largest webmail providers have been discovered up for sale on the Russian Dark Web.Īlex Holden, founder and chief information security officer of Hold Security, told Reuters that the cache consists of 272.3 million stolen account credentials.
0 kommentar(er)
