Tens of millions of stolen credentials for Gmail, Microsoft and Yahoo email accounts are being shared online by a young Russian hacker known as “the Collector” as part of a supposed larger trove of 1.17 billion records.
That’s according to Hold Security, which says it has looked at more than 272 million unique credentials so far, including 42.5 million it had never seen before. A majority of the accounts reportedly were stolen from users of Mail.ru, Russia’s most popular email service, but credentials for other services apparently were also included.
Hold discovered the breach when its researchers came across the hacker bragging in an online forum. Though the hacker initially asked Hold for 50 rubles for the initial 10GB stash — that’s equivalent to about 75 cents — he eventually turned it over to them in exchange for likes and votes for him on social media.
Some 40 million of the credentials came from Yahoo Mail, 33 million were from Microsoft Hotmail, roughly 24 million were from Gmail, and nearly 57 million were from Mail.ru, according to Reuters. Thousands of others came from employees of large U.S. companies in banking, manufacturing and retail, and hundreds of thousands more reportedly were from accounts at German and Chinese email providers.
In an email message, Google declined to comment on the incident but said users should establish a recovery phone number for their Google accounts.
Yahoo, Microsoft and Mail.ru did not immediately respond to a request for comment.