270 million passwords on ‘market’
LOGIN details for more than 200 million Gmail, Hotmail and Yahoo accounts are being traded by Russian cybercriminals, it has been revealed.
According to research from cybersecurity firm Hold Security, most of the leaked credentials relate to Mail.ru, Russia's most popular email service, but Reuters reports that 272 million Mail.ru, Google, Yahoo! and Microsoft email accounts are caught up in the leak.
It is one of the biggest stashes of stolen login credentials in internet history, and users are rightly worried.
Hold Security said it came across the database on a hacker forum, where one user was bragging he had details for 1.17 billion email accounts.
After combing through the database, Hold found the real number was much smaller, but some companies had still been badly hit.
The cache reportedly contains 57 million Mail.ru accounts, affecting most of the service's 64 million active users.
Hold Security's Alex Holden said: "This information is potent. It is floating around in the underground.
"These credentials can be abused multiple times."
The stolen logins can obviously be used to access email accounts, but users who tend to have the same password for multiple websites are even more vulnerable.
Users concerned about the leak would be wise to change their passwords, start using different passwords for different accounts, and enrol in two-step verification on supporting sites.
A Microsoft spokesman said: "Unfortunately, there are places on the internet where leaked and stolen credentials are posted and when we come across these or someone sends them to us, we act to protect customers."
About 40 million Yahoo Mail credentials were in the list with 33 million for Microsoft Hotmail and 24 million for Gmail, according to Mr Holden.
Google is apparently forcing a password reset on each of the known affected Gmail accounts.