View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
May 5, 2016updated 05 Sep 2016 11:49am

Hacker sells 272 million Hotmail, Google & Yahoo email accounts in major data breach

News: The hacker wanted 50 roubles to disclose the details of the hacked accounts.

By CBR Staff Writer

A Russian hacker has stolen the details of millions of hacked email accounts including those from Google Gmail, Yahoo Mail and Microsoft Hotmail.

Security firm Hold Security identified that user names and passwords of 272.3 million email account holders had been stolen by a hacker, with 42.5 million of them not figuring in earlier breaches.

However, the firm obtained the data for free. The hacker accepted to share the details after reaching an agreement with the firm, which involved Hod Security posting favourable comments about him or her on a forum.

Initially, the hacker asked the firm to pay just 50 roubles to disclose the details of the millions of hacked email accounts.

Hold Security in a statement, "50 rubles" is what the hacker wants for this incredibly large set of data. He can’t be serious; based on today’s exchange rate it is less than one US dollar.

"This greatly impacts the data’s credibility and value, similar to an expensive sports car being sold for pennies at auction."

Hold Security founder and chief information security officer Alex Holden told Reuters that while a significant amount of details belonged to users of, the hacked details of email accounts provided by Google, Yahoo and Microsoft accounted for only a small fraction of stolen data.

Content from our partners
Resilience: The power of automating cloud disaster recovery
Are we witnessing a new 'Kodak moment'?

Holden, who was a former chief security officer at US brokerage R.W. Baird, said: "This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him.

"These credentials can be abused multiple times."

In reply to the breach of email accounts, said: "We are now checking, whether any combinations of usernames/passwords match users’ e-mails and are still active.

"As soon as we have enough information we will warn the users who might have been affected."

A Microsoft spokesman confirmed that online credentials were hacked.

The spokesman was quoted by Reuters as saying:"Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access."

While stolen credentials of Yahoo Mail users accounted for 40 million or 15% of the 272 million hacked accounts, 33 million or 12% of belonged to Microsoft Hotmail accounts, according to Holden.

Around 24 million or 9% of the total hacked details belonged to Gmail users.

"This is stolen data, which is not ours to sell," said Holden.

"Besides automated harvesting on a daily basis, we interface with hundreds of hackers, monitoring if they have any new information. We do not pay hackers for stolen data. If they have something new and valuable, we start our dance; ask, negotiate, finagle, anything permissible to get the data without rewarding the bad guys for their work," the security firm said.

"Over the past month (April of 2016) we have identified 120 million stolen records. This stolen data consists of information from a major Eastern European communication firm, some medium size online service providers, and mostly unattributed data moved around by hackers in search of easy gains," it added.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.