Over 250 million email passwords stolen in major security breach

More than 250 million email usernames and passwords have been stolen in a major security breach and are being used by “Russia’s criminal underworld,” according to a Reuters report.

Hold Security’s founder and chief information security officer, Alex Holden, told Reuters that 272.3 million stolen accounts are linked to popular providers such as Google, Yahoo, Microsoft, and Russia’s most popular email service Mail.ru.

The security firm says that it found someone who claimed to have more than 1 billion hacked addresses up for sale.

cyber-image
The breach is the latest in a string of cyberscriminal attacks made over the past year.

Excluding duplicates, analysts at Hold believe that the security breach includes 57 million credentials for Mail.ru accounts, 40 million Yahoo accounts, 33 million Hotmail accounts, 24 million Gmail accounts, as well as thousands of addresses from German and Chinese email servers.

Alex Holden told Reuters: “This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him,”

Holden added that there is no way – at the moment – for people to check if their email accounts are included in the firm’s list of breached accounts.

A Microsoft spokesperson told Mashable, “Unfortunately, there are places on the internet where leaked and stolen credentials are posted, and when we come across these or someone sends them to us, we act to protect customers. Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account.”



Mail.ru said in a statement: “We are now checking whether any combinations of usernames/passwords match users’ e-mails and are still active. As soon as we have enough information we will warn the users who might have been affected.”

A spokesman for Microsoft said: “Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.”

According to the BBC, both Google and Yahoo are currently investigating the breach.