Millions of email accounts at risk as hacker hands over stolen database
Web users have been advised to change their passwords once again after a hacker gave up a database of hundreds of millions of stolen email credentials to a security firm.
272 million unique email addresses and their passwords were given to Hold Security by a cyber criminal demanding 50 rubles (53 pence) for the database – a small price, but one the firm refused to pay to avoid rewarding criminal activity.
According to Reuters, the data includes accounts on Russian email service Mail.ru as well as smaller numbers of Google, Yahoo and Microsoft credentials.
The hacker claimed the ten-gigabyte haul contained 1.17 billion credentials from numerous breaches, but on closer inspection 272 million turned out to be unique. The researchers said 42.5 million of these are credentials “we have never seen before”.
According to The Guardian, the firm’s founder convinced the cyber criminal behind the database – nicknamed “the collector” – to give it up in exchange for likes on social media rather than payment after he was found bragging about it on forums.
With the credentials out there on the Dark Web, users have been advised to change their email passwords and avoid using the same ones across multiple accounts.
In March, a survey looking at global attitudes to privacy and the internet revealed that three quarters of Britons believe the Dark Web should be shut down.
Researchers also recently found malware designed to steal gamers’ login details to sell them for as little as $15 (£10) on the anonymous portion of the internet.
And analysis of the data on offer on the Dark Web has revealed that UK citizens’ stolen information can be worth up to twice as much as the same details from the US.