Mail.Ru Group: theft of hundreds of millions of mail service accounts by the “Russian hacker” is a usual stuffing
Over 99% of these accounts from the database are invalid
As previously reported at Geektimes , information security specialist Alex Holden said that a certain Russian hacker was offering to buy a base of mail service user accounts on the forums for those who want to. And we are talking about the most famous "mailers", including services of Google, Yahoo, Mail.ru, Microsoft. The total number of accounts offered by the hacker is more than 200 million.
')
Of these, the most accounts for Mail.ru, they counted about 57 million pairs of logins and passwords. Experts of the company checked these data for a couple of days, and now they say with confidence that everything Holden said is an informational stuffing. Mail.ru specialists checked all 57 million usernames and passwords, and it turned out that almost all of them are invalid, with very few exceptions.
Rather, 99.982% of Mail.ru accounts in the analyzed database are invalid. This is probably the usual compilation of fragments of old databases of login-passwords, and not only for the Mail.ru service.
“22.56% of the analyzed accounts contain an email address that never existed at all, another 64.27% contains the wrong password, the database also contains records that are specified without a password at all (0.74%). The remaining 12.42% of accounts already pass in Mail.Ru Mail as suspicious (that is, according to our system, there are reasons to believe that they were either hacked or created by a robot) and blocked. This means that it is impossible to enter them with a password, and the owner must go through the procedure for restoring access, ”the company said in a press release.
And only 0.018% of login-password pairs turned out to be valid, the owners of these boxes received a notification about the need to change their data. Here, rather, we are already talking not about the theft of logins and passwords, but about the simple coincidence of the data of the compiled database and the data of the real users of the service.
“With a very high degree of probability, this database was collected as a result of several phishing attacks using phishing messages sent to users. This is evidenced by the rather low quality of the database, since it contains a small amount of actually working accounts. If attackers had found vulnerabilities that allowed access to accounts of several mail services at once, then the quality of the database, like its price, would be completely different, ”reports Yury Namestnikov, antivirus expert at Kaspersky Lab.
As previously reported at Geektimes , information security specialist Alex Holden said that a certain Russian hacker was offering to buy a base of mail service user accounts on the forums for those who want to. And we are talking about the most famous "mailers", including services of Google, Yahoo, Mail.ru, Microsoft. The total number of accounts offered by the hacker is more than 200 million.
')
Of these, the most accounts for Mail.ru, they counted about 57 million pairs of logins and passwords. Experts of the company checked these data for a couple of days, and now they say with confidence that everything Holden said is an informational stuffing. Mail.ru specialists checked all 57 million usernames and passwords, and it turned out that almost all of them are invalid, with very few exceptions.
Rather, 99.982% of Mail.ru accounts in the analyzed database are invalid. This is probably the usual compilation of fragments of old databases of login-passwords, and not only for the Mail.ru service.
“22.56% of the analyzed accounts contain an email address that never existed at all, another 64.27% contains the wrong password, the database also contains records that are specified without a password at all (0.74%). The remaining 12.42% of accounts already pass in Mail.Ru Mail as suspicious (that is, according to our system, there are reasons to believe that they were either hacked or created by a robot) and blocked. This means that it is impossible to enter them with a password, and the owner must go through the procedure for restoring access, ”the company said in a press release.
And only 0.018% of login-password pairs turned out to be valid, the owners of these boxes received a notification about the need to change their data. Here, rather, we are already talking not about the theft of logins and passwords, but about the simple coincidence of the data of the compiled database and the data of the real users of the service.
“With a very high degree of probability, this database was collected as a result of several phishing attacks using phishing messages sent to users. This is evidenced by the rather low quality of the database, since it contains a small amount of actually working accounts. If attackers had found vulnerabilities that allowed access to accounts of several mail services at once, then the quality of the database, like its price, would be completely different, ”reports Yury Namestnikov, antivirus expert at Kaspersky Lab.
Source: https://habr.com/ru/post/357810/
All Articles