Skip to main content

A Russian hacker has 272 million stolen Gmail, Yahoo, and Hotmail passwords

gmail early phishing detection inbox
Image used with permission by copyright holder
It may be time to update the password for your email. Usernames and passwords for more than 250 million stolen Yahoo Mail, Gmail, Hotmail, and other accounts are being swapped around in Russia’s criminal underworld, according to Reuters.

These stolen accounts were discovered by Hold Security, where researchers found a Russian hacker, dubbed as “the Collector,” bragging that he was ready to “give away” these credentials, which totaled 1.17 billion records. The security company eliminated duplicates, and found the total number of compromised accounts to be 272.3 million.

Recommended Videos

The largest amount of compromised credentials, 57 million, belong to Mail.ru users, which is Russia’s most popular email service. The email service has 64 million monthly active users, which means the breach affects most of the company’s userbase.

Please enable Javascript to view this content

The rest break down to other popular email clients including Yahoo Mail, which reportedly has 40 million emails compromised; Microsoft Hotmail, with 33 million; and Gmail, with 24 million stolen credentials. Other credentials from email providers in Germany and China are also affected. It’s not clear if any of these accounts have actually been breached.

Many of the emails link to employees of some of the largest U.S. banking, manufacturing, and retail companies. Hold Security has been informing affected companies and organizations.

“This information is potent,” Alex Holden, founder and chief information security officer at Hold Security, told Reuters. “It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him. These credentials can be abused multiple times.”

The Russian hacker allegedly asked for 50 rubles, less than $1, for the data. But the security company received a copy after it agreed to post positive comments about the Russian in various hacker forums. The company didn’t pay for the stolen data, as it went against company policy.

“We are now checking whether any combinations of usernames/passwords match users’ e-mails and are still active,” a Mail.ru spokesperson told Reuters. “As soon as we have enough information, we will warn the users who might have been affected.”

The Russian email provider’s initial checks found no live combinations of user names and passwords that match existing emails.

Google moves quickly to rectify compromised accounts it detects, but cannot speak to specific incidents, according to the search giant. These “credential dumps,” like the one Google discovered in 2014, are an unfortunate reality.

“It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems,” the company said in the 2014 blog post. “Often, these credentials are obtained through a combination of other sources. For instance, if you reuse the same username and password across websites, and one of those websites gets hacked, your credentials could be used to log into the others. Or attackers can use malware or phishing schemes to capture login credentials.”

These password dumps are a good reminder to set up a recovery phone number so the Mountain View company can quickly contact users in worst-case scenarios, according to Google.

A Microsoft spokesperson told Reuters that the company has security measures in place to detect compromised accounts, and requires additional information to verify the account owner.

Google told Digital Trends the company did not have a comment on the specific incident at the moment, and Microsoft and Yahoo have yet to respond. We will update this post when we hear back.

Julian Chokkattu
Former Digital Trends Contributor
Julian is the mobile and wearables editor at Digital Trends, covering smartphones, fitness trackers, smartwatches, and more…
Get a Copilot+ laptop for under $1,000 with this Best Buy deal
Acer Swift 14 AI front view showing display and keyboard.

Microsoft's Copilot is an amazing AI assistant, and Copilot+ PCs and laptops are designed to take advantage of the technology. The Acer Swift 14 AI is an excellent example, and it's available from Best Buy with a huge $400 discount that slashes its price from $1,200 to only $800. We're not sure how much time is remaining before this offer expires, but if you want to make sure that you buy this powerful machine for less than $1,000, we highly recommend proceeding with your purchase as soon as possible.

Why you should buy the Acer Swift 14 AI
The Acer Swift 14 AI is a Copilot+ laptop that's made by one of the best laptop brands, so you can be sure you're getting a high-quality device. With Microsoft's Copilot running on the laptop itself, you'll receive faster response times from the AI with enhanced security, for tasks such as finding documents and web pages using Recall, generating and editing images, and translating between languages in real-time. The Acer Swift 14 AI can handle these functions because it's powered by the Qualcomm Snapdragon X Elite processor, Qualcomm Snapdragon X Elite Adreno Graphics, and 16GB of RAM.

Read more
This 17-inch LG laptop is $700 off, but you need to hurry
LG Gram 17 2021 laptop

If you want your next laptop to have a relatively big screen, you should check out Best Buy's offer for the LG Gram 17. From its original price of $1,800, it's down to a more reasonable $1,100 following a $700 discount. There's no telling how much time remains before this bargain ends though, so if you want to get this device for a much lower price than usual, you're going to have to hurry with your purchase. As with most laptop deals, any delay may cause you to miss out on the savings.

Why you should buy the LG Gram 17 laptop
If you like working on a large display, you should heavily consider going for the LG Gram 17. The laptop is equipped with a 17-inch screen with a 16:10 aspect ratio and Full HD resolution, so you'll clearly see all the details of your projects. It's also great for watching streaming shows and browsing social media whenever you're taking a break because of its vivid colors. Despite a display that's larger than most of its peers, the LG Gram 17 maintains portability, as it's exceptionally light and it offers a long battery life, while promising durability as it meets military-grade standards.

Read more
Quick! This RTX 4080-powered gaming laptop is under $2,000
A Lenovo Legion Pro 7i at a side angle.

For one of the best gaming laptop deals around -- and one I’m personally tempted by -- check out what Walmart has to offer. Right now, you can buy the Lenovo Legion Pro 7i for just $2,000. It normally costs $2,650 thanks to its high-end hardware, but right now you can save $650 and score a gaming laptop that will last you a long time to come. One of the best laptop deals around, let’s take a look at why you’ll love it.

Why you should buy the Lenovo Legion Pro 7i
Lenovo is one of the best gaming laptop brands out there and one that I have used extensively in the past. Its Legion range is the one to check out for gaming, and it’s always consistently great. With this Lenovo Legion Pro 7i, you get a 14th-generation Intel Core i9-14900HX CPU with 16GB of RAM and 1TB of SSD storage space. There’s also an Nvidia GeForce RTX 4080 graphics card, so you’re in great hands for some high-end gaming.

Read more