A Hacker Gave Away 272M Credentials from Pretty Much Every Email Provider

Web Services

The discovery of stolen usernames and passwords from various big name email providers – Gmail, Yahoo Mail, etc. – also affects a majority of users of Mail.ru, Russia's most popular email service.

Fortunately, Mail.ru's initial checks found no active combinations of user names and passwords.  It is unclear how many of the other stolen credentials are old as well.

Identifying the hacker who spread the trove of data, or disclosing the sources of the stolen accounts, could expose the investigative methods used to find the trove. Because the hacker vacuumed up data from many sources, security researchers have dubbed him "The Collector".

The researchers happened upon the stash when they spotted a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials that ended up totaling 1.17 billion records.

Discounting duplicates, the cache contained nearly 57 million Mail.ru accounts, which is a big chunk of the 64 million monthly active email users Mail.ru claims to have. It also included hundreds of thousands of accounts at German and Chinese email providers.

Yahoo Mail credentials numbered 40 million, or 15 percent of the 272 million unique IDs discovered. Meanwhile, 33 million, or 12 percent, were Microsoft Hotmail accounts and 9 percent, or nearly 24 million, were Gmail.

The hacker asked merely 50 rubles – less than $1 – for the entire data set, but gave up the cache after the researchers agreed to post favorable comments about him in hacker forums.

Thousands of other stolen username/password combinations appear to belong to employees of some of the largest U.S. banking, manufacturing and retail companies.