Hundreds of millions of hacked user names and passwords for email accounts and other websites are being traded in Russia’s criminal underworld.
The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia’s most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users, said Alex Holden, founder and chief information security officer of Hold Security in a Reuters report.
That revelation comes on the heels of another report saying, the volume of malicious emails soared at the beginning of the year, with Locky ransomware and the Dridex banking Trojan accounting for the vast majority of document attachment-based attacks in Q1, according to Proofpoint.
The security vendor’s Quarterly Threat Summary for the first three months of 2016 revealed a 66 percent increase in emails containing malicious URLs and attachments over the previous quarter. When compared to the same period a year ago, the increase skyrocketed to 800 percent.
Of the emails containing malicious document attachments, Locky accounted for 24 percent and Dridex 74 percent, leading Proofpoint to warn organizations need “scalable, automated” defenses in place to block threats before they have a chance to infect networks.
As far as the stolen emails go, Holden was previously instrumental in uncovering some of the world’s biggest known data breaches, affecting tens of millions of users at Adobe Systems, JPMorgan and Target.
The latest discovery came after Hold Security researchers found a young Russian hacker bragging in an online forum he had collected and was ready to give away 1.17 billion records.
After eliminating duplicates, Holden said, the cache contained nearly 57 million Mail.ru accounts. It also included tens of millions of credentials for the world’s three big email providers, Gmail, Microsoft and Yahoo, plus hundreds of thousands of accounts at German and Chinese email providers.
“This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him,” said Holden, the former chief security officer at U.S. brokerage R.W. Baird. “These credentials can be abused multiple times,” he said.
Mysteriously, the hacker asked just 50 roubles – less than $1 – for the entire trove, but gave up the dataset after Hold researchers agreed to post favorable comments about him in hacker forums, Holden said. He said his company’s policy is to refuse to pay for stolen data.
Such large-scale data breaches can end up used to engineer further break-ins or phishing attacks by reaching the universe of contacts tied to each compromised account, multiplying the risks of financial theft or reputational damage across the web.