Millions of Gmail, Hotmail and Yahoo email account details stolen in huge cyber attack, says security expert
Posted by Damien Biddulph on Mon 16th May 2016
Tens of millions of usernames and passwords for Gmail, Hotmail and Yahoo email accounts have been hacked and details traded online, according to a security expert.
Data from around 97 million accounts have been stolen as part of a huge cyber attack that is thought to affect around 272.3 million users worldwide, said Alex Holden, founder and chief information security officer of Hold Security.
In one of the biggest data breaches in years, the information is being traded in Russia’s criminal underworld for next to nothing, it has been claimed.
It is thought that credentials from around 40 million Yahoo Mail accounts, 33 million Hotmail accounts and 24 million Gmail accounts have been accessed.
But the majority of the usernames stolen are from Russia’s most popular email service, Mail.ru.
Holden, who was speaking to Reuters, has previously uncovered huge data breaches affecting millions of users at Adobe Systems, JPMorgan and Target.
His latest discovery is said to come after researchers found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials.
Mysteriously, the hacker asked just 50 roubles – just over 50p – for the entire trove, but gave up the dataset after Hold researchers agreed to post favourable comments about him in hacker forums, Holden said.
He said his company’s policy is to refuse to pay for stolen data. ‘This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him,’ said Holden.
‘These credentials can be abused multiple times.’
A Microsoft spokesman said stolen online credentials were an unfortunate reality. ‘Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.’
Yahoo and Google did not respond to requests for comment.
A Mail.ru spokeswoman said it was checking whether the email combinations match those still actively in use.