Russian hacker kidnapped 272.3 million mail service accounts
The Mail.ru service suffered the most, but the problem concerns Google, Yahoo, Microsoft
Alex Holden (Alex Holden), the founder and head of the company Hold Security, said that the attacker from the Russian Federation managed to steal a huge number of user accounts of various mail services. Mail.ru suffered the most, and to a lesser extent Google, Yahoo, Microsoft services.
')
This is the largest in a long time hacking postal services, writes Reuters. Previously, attackers stole data from millions of users of Adobe Systems, JpMorgan, Target, and subsequently sold to other cybercriminals. Now the situation is no different from previous incidents.
A hacker who has stolen such a number of accounts sells them in specialized forums.
Holden received a package with user accounts, processed (deleted duplicates), and it turned out that only Mail.ru accounts in the package sold have about 57 million. In total, this company has about 64 million active users (Mail.ru data at the end of last year) . In addition to Mail.ru, Gmail (24 million accounts), Yahoo mail (40 million) and Microsoft mail (33 million accounts), the hacker managed to steal and account users of less popular email services from Germany and China.
Less than $ 1 for all
The attacker sells all this treasure to everyone for only ... 50 rubles, that is, less than $ 1. But the data obtained will definitely take advantage of other cybercriminals. Someone will use phishing, someone will get the data of compromised accounts, logging into a work account. It is known that the vast majority of users use the same data for identification on different services. Therefore, now hacking these additional services is a matter of time. In general, we can expect large-scale actions of intruders to steal the finances of users whose data was obtained by a hacker. There are also purely reputational risks for some users, whose uchetok data fell into the hands of criminals.
As for the companies whose services were affected by the hacker's actions, so far the comment came only from Mail.ru: “The study of the first random sample showed that it does not contain passwords suitable for active live accounts. In addition, attention is drawn to the fact that the database contains a large number of the same logins with different passwords, which indicates that it was compiled from fragments of different databases, where users used their email as a login. We continue to check the base and, as soon as we have more information, we will warn users who may have suffered. ”
Alex Holden (Alex Holden), the founder and head of the company Hold Security, said that the attacker from the Russian Federation managed to steal a huge number of user accounts of various mail services. Mail.ru suffered the most, and to a lesser extent Google, Yahoo, Microsoft services.
')
This is the largest in a long time hacking postal services, writes Reuters. Previously, attackers stole data from millions of users of Adobe Systems, JpMorgan, Target, and subsequently sold to other cybercriminals. Now the situation is no different from previous incidents.
A hacker who has stolen such a number of accounts sells them in specialized forums.
Holden received a package with user accounts, processed (deleted duplicates), and it turned out that only Mail.ru accounts in the package sold have about 57 million. In total, this company has about 64 million active users (Mail.ru data at the end of last year) . In addition to Mail.ru, Gmail (24 million accounts), Yahoo mail (40 million) and Microsoft mail (33 million accounts), the hacker managed to steal and account users of less popular email services from Germany and China.
Less than $ 1 for all
The attacker sells all this treasure to everyone for only ... 50 rubles, that is, less than $ 1. But the data obtained will definitely take advantage of other cybercriminals. Someone will use phishing, someone will get the data of compromised accounts, logging into a work account. It is known that the vast majority of users use the same data for identification on different services. Therefore, now hacking these additional services is a matter of time. In general, we can expect large-scale actions of intruders to steal the finances of users whose data was obtained by a hacker. There are also purely reputational risks for some users, whose uchetok data fell into the hands of criminals.
As for the companies whose services were affected by the hacker's actions, so far the comment came only from Mail.ru: “The study of the first random sample showed that it does not contain passwords suitable for active live accounts. In addition, attention is drawn to the fact that the database contains a large number of the same logins with different passwords, which indicates that it was compiled from fragments of different databases, where users used their email as a login. We continue to check the base and, as soon as we have more information, we will warn users who may have suffered. ”
Source: https://habr.com/ru/post/357072/
All Articles