Email
Password
Remember meForgot password?
    Log in with Twitter

article image1 billion email accounts offered for sale on the dark web for $1

By James Walker     May 4, 2016 in Technology
A lone hacker is selling over a billion email usernames and passwords for only a dollar on the Russian dark web, according to a report. The majority of the accounts are for Mail.ru, Russia's most popular provider, but some cover Google and Microsoft.
The accounts are being sold by a single young hacker, Reuters reported today. The discovery was made by researchers at Hold Security, who found the hacker in an online forum. He claimed to have collected a database of stolen email credentials with 1.17 billion entries.
A small subset of the full database was found for sale on Russia's dark web. Most of the affected users were customers of Mail.ru, a Russian email provider, but the dataset also includes Gmail, Outlook.com and Yahoo accounts. It is one of the biggest caches of stolen credentials ever to hit the Internet.
After filtering out duplicates, 272.3 million unique stolen accounts were discovered in the breach. Of these, 57 million were for Mail.ru. The service has 64 million active monthly subscribers, suggesting a majority of users are affected. The remaining accounts are a mixture of Google, Microsoft and Yahoo customers as well as a smaller number of German and Chinese accounts.
The lone hacker advertised an asking price of just 50 roubles to obtain the full dataset of well over a million records. The hacker wanted less than $1 for reasons that remain unclear.
The database has been given away for free to people willing to write favourable comments about the hacker on dark web forums. Hold Security obtained the data in this way as it operates a policy of not paying for stolen credentials.
Alex Holden, founder and chief information security officer of Hold Security, warned that the huge number of credentials could let attackers into more than just email accounts. Because many people use the same password for multiple services, hackers can target multiple websites with one set of credentials.
"This information is potent. It is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him," said Holden to Reuters. "These credentials can be abused multiple times."
Hold Security contacted the affected email providers. Mail.ru said it has begun to check the stolen credentials against its database to see if any are still active. It will contact users once the scale of the breach has been established.
"We are now checking, whether any combinations of usernames/passwords match users' e-mails and are still active," the company told Reuters. "As soon as we have enough information we will warn the users who might have been affected."
Google and Yahoo have yet to issue a statement. Microsoft treated the incident as a routine account theft, commenting "Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access."
The hacker who is selling the data has since been dubbed "The Collector" by Hold Security because he is collating data from various different sources. The firm was unable to identify him without compromising its investigation. The affected email providers were contacted ten days ago with details on the discovery of the database.
More about Security, Email, Hack, Passwords, Credentials