A report from Reuters suggests that over 270 million hacked email credentials—including those from Gmail, Hotmail and Yahoo—are circulating among Russian digital crime rings.
Reuters reports that an investigation by Hold Security revealed the huge stash of login details, that are said to be being traded among criminals. Most of the credentials relate to the Russian email service Mail.ru, but the team has also identified “smaller fractions”—but still “tens of millions”—of details from Google, Yahoo and Microsoft.
The team from Hold Security was offered a tranche of 1.17 billion email user records in an online forum, and asked to pay just $1 for a copy of the data. The team refuses to pay for stolen data, but was given the information anyway when it offered to post positive comments about the hacker online.
The team has since sifted through the data set to remove duplicates, revealing that it contains 270 million unique records. Alex Holden, the founder of Hold Security, told Reuters that the data was “potent,” adding that the “credentials can be abused multiple times.”
Hold Security has apparently alerted all of the affected email providers. It may be that the stash is out of date and doesn’t present too much of a security threat—though, of course, it could be a new pool of data, in which case the accounts included in the tranche could be at risk. It may be a good time to refresh your password either way,