More than 250 million email usernames and passwords have been breached and are being used by “Russia’s criminal underworld,” according to a Reuters report.
Hold Security’s Alex Holden, who reported the data breach, told Reuters that the breach affects many of the email addresses on Russia’s popular Mail.ru service, as well as addresses from Google, Yahoo and Microsoft.
Holden said his firm came across a Russian hacker who claimed to have more than 1 billion hacked addresses for sale. In total, after eliminating duplicates, the list included 57 million Mail.ru addresses, 40 million Yahoo addresses, 33 million Hotmail addresses and 24 million Gmail addresses.
“This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him,” Holden told Reuters.
In addition to those mentioned, there were also thousands of email addresses from German and Chinese email servers included in the lot.
A Microsoft spokesperson told Mashable, “Unfortunately, there are places on the internet where leaked and stolen credentials are posted, and when we come across these or someone sends them to us, we act to protect customers. Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account.”
Additionally, a Google spokesperson told Mashable they were unable to comment on specific incidents, but they address abuse as quickly as possible.
The breach is the latest in a string of large-scale incidents. Last year, the data of more than 100 million people was stolen from nine companies, including the Wall Street Journal and J.P. Morgan, the largest-ever such breach in the United States.
And the U.S. federal government has also been hit by massive breaches lately. One incident, which occurred in 2015, allowed hackers to access the personal data of tens of thousands of workers from the Office of Personnel Management. And earlier this year, another breach involved data from 30,000 employees from the FBI and the Department of Homeland Security (DHS).
Mail.ru and Yahoo representatives have not returned Mashable‘s request for comment.
Have something to add to this story? Share it in the comments.