A Russian hacker has 272 million stolen Gmail, Yahoo, and Hotmail passwords

gmail early phishing detection inbox
It may be time to update the password for your email. Usernames and passwords for more than 250 million stolen Yahoo Mail, Gmail, Hotmail, and other accounts are being swapped around in Russia’s criminal underworld, according to Reuters.

These stolen accounts were discovered by Hold Security, where researchers found a Russian hacker, dubbed as “the Collector,” bragging that he was ready to “give away” these credentials, which totaled 1.17 billion records. The security company eliminated duplicates, and found the total number of compromised accounts to be 272.3 million.

The largest amount of compromised credentials, 57 million, belong to Mail.ru users, which is Russia’s most popular email service. The email service has 64 million monthly active users, which means the breach affects most of the company’s userbase.

The rest break down to other popular email clients including Yahoo Mail, which reportedly has 40 million emails compromised; Microsoft Hotmail, with 33 million; and Gmail, with 24 million stolen credentials. Other credentials from email providers in Germany and China are also affected. It’s not clear if any of these accounts have actually been breached.

Many of the emails link to employees of some of the largest U.S. banking, manufacturing, and retail companies. Hold Security has been informing affected companies and organizations.

“This information is potent,” Alex Holden, founder and chief information security officer at Hold Security, told Reuters. “It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him. These credentials can be abused multiple times.”

The Russian hacker allegedly asked for 50 rubles, less than $1, for the data. But the security company received a copy after it agreed to post positive comments about the Russian in various hacker forums. The company didn’t pay for the stolen data, as it went against company policy.

“We are now checking whether any combinations of usernames/passwords match users’ e-mails and are still active,” a Mail.ru spokesperson told Reuters. “As soon as we have enough information, we will warn the users who might have been affected.”

The Russian email provider’s initial checks found no live combinations of user names and passwords that match existing emails.

Google moves quickly to rectify compromised accounts it detects, but cannot speak to specific incidents, according to the search giant. These “credential dumps,” like the one Google discovered in 2014, are an unfortunate reality.

“It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems,” the company said in the 2014 blog post. “Often, these credentials are obtained through a combination of other sources. For instance, if you reuse the same username and password across websites, and one of those websites gets hacked, your credentials could be used to log into the others. Or attackers can use malware or phishing schemes to capture login credentials.”

These password dumps are a good reminder to set up a recovery phone number so the Mountain View company can quickly contact users in worst-case scenarios, according to Google.

A Microsoft spokesperson told Reuters that the company has security measures in place to detect compromised accounts, and requires additional information to verify the account owner.

Google told Digital Trends the company did not have a comment on the specific incident at the moment, and Microsoft and Yahoo have yet to respond. We will update this post when we hear back.

Computing

Australian student hacks into Apple, steals 90GB of data because he’s a ‘fan’

A 16-year-old student in Australia broke into Apple’s network multiple times for an entire year to download 90GB of “secure” data and access customer accounts. He did this because he was a "fan."
Computing

Use one of these password managers to stay safe online

The internet can be a scary place, especially if you don't have a proper passcode manager. This guide will show you the best password managers you can get right now, including both premium and free options. Find the right password software…
Mobile

We found out which Sony Xperia phones will get Android 9 Pie in 2019

Android 9.0 Pie has been released. But is your phone getting Android 9.0 Pie, and if so, when? We've done the hard work and asked every device manufacturer to see when their devices would be getting the update.
Social Media

Instagram hackers are changing account info into Russian email addresses

Have you logged in to your Instagram lately? A hack circulating this month has Instagram users locked out of their accounts because a hacker changed all the profile data, according to a report.
Computing

Reluctant to give your email address away? Here's how to make a disposable one

Want to sign up for something without the risk of flooding your inbox with copious amounts of spam and unwanted email? You might want to consider using disposable email addresses with one of these handy services.
Computing

Both the Razer Blade and XPS 15 are capable laptops, but which is better?

We pit the latest Dell XPS 15 against the latest Razer Blade 15 to see which machine meets the needs of most people. Both are a fast, attractive, and well-built, but they still appeal to different users.
Computing

Logitech’s distinctive new ergonomic mouse looks as good as it feels

Logitech's first true ergonomic mouse sports an interesting tilted design that encourages less muscle strain. We spent some time with the MX Vertical to see how comfortable it is and determine whether or not we'd prefer it to a standard…
Mobile

Airport’s low-tech solution to digital chaos involves the humble whiteboard

A U.K. airport has suffered a major computer error, caused by data connection problems, which has stopped flight boards from showing crucial passenger information. The solution is wonderfully low-tech.
Computing

Here’s how to watch Nvidia’s GeForce event at Gamescom

Today is August 20, and that means Nvidia may showcase its GeForce RTX 20 Series of add-in graphics cards for gamers. We’re sticking with that name rather than the previous GTX 11 Series brand due to today’s date.
Computing

HTC breaks down VR barriers by bringing Oculus Rift titles to Viveport

HTC's Viveport store and subscription service will be opened to Oculus Rift users in September this year, letting them buy titles directly and take advantage of the monthly game-delivery service.
Computing

Dell’s new fast-refresh Freesync display could be your next great gaming screen

Dell has debuted a pair of new gaming TN displays, each offering high refresh rates and fast response times to gamers alongside Freesync technology. There are 24- and 27-inch versions of the new screens available now.
Computing

Nvidia’s GeForce RTX 20 Series starts at $500 and features real-time ray tracing

Nvidia revealed its new GeForce RTX 2000 Series of add-in desktop graphics cards for gamers during its pre-show Gamescom press event. The new family is based on Nvidia’s new “Turing” architecture focusing on real-time ray tracing.
Computing

Nvidia GeForce RTX GPUs are coming to Alienware and Predator gaming desktops

Dell and Acer have both announced support for Nvidia's new GeForce RTX 2000 graphics cards in refreshed gaming desktops, including Predator Orion series systems and Alienware desktops.
Emerging Tech

Scarily realistic ‘deep video portraits’ could take fake news to the next level

Researchers have developed a new A.I. system which is able to produce scarily realistic "deep fake" videos -- right down to details like a person's eyebrows or eyes as they speak.