A young Russian hacker known as “The collector” has shared over a billion of hacked email credentials and is willing to share them for some social media praise. According to Reuters the hacker has a trove of 1.17 billion of email IDs and their respective passwords and is willing to share them in exchange of some money and some social media likes.
According to Hold Security which monitors cyber threats on forums and chat rooms, while developing profiles on suspected criminals, the hacker when contacted initially demanded 50 rubles or 75 cents to share 10GB of data. Then again he changed his mind and shared some 272 million credentials in exchange to likes for his social media account. The credentials include 40 million Yahoo Mail credentials, 33 million Microsoft Hotmail, roughly 24 million Gmail and 57 million were from Mail.ru
Thousands of other email/passwords came from employees of large US companies in banking, manufacturing, and retail and hundreds of thousands more reportedly were from accounts at German and Chinese email providers.
Extensively, such large scale data breaches can be used to engineer further break-ins or phishing attacks by reaching the universe of contacts tied to each compromised account, multiplying the risks of financial theft or reputational damage across the web.
Hold Security will warn all the email users who might be affected in the breach after it gets enough information. The company is disinterested in selling the info obtained from the hacker, as it is stolen data.
This incident clearly exposes the mindset of individuals and companies and specifies how serious they are when it comes to data security.
Reacting to the latest data breach incident, Microsoft said that it has security measures in place to detect account compromise and requires additional info to verify the account owner and help them regain sole success. Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.”
In an email message, Google declined to comment on the incident but said users should establish a recovery phone number for their Google accounts.
Meanwhile, Yahoo did not immediately respond to a request for comment. And Mail.ru said that the report was just a fabricated media hype created to highly ‘Hold Security’ business on the web. The Russian email service provider also said that its inquiry has discovered that most of the passwords or incorrect or the email IDs were invalid.