Security of billions of internet user’s personal information has always been a major concern for stakeholders. In a recent shocking revelation, 272.3 million email accounts were reportedly stolen and being traded in Russia’s criminal underworld, a security expert has reported Reuters. Tough, a majority of email service providers have enhanced the security for their customers over the years, yet the sophisticated hackers somehow are able to carve a way to hack the email accounts of the internet users.
The expert, Alex Holden, Founder and Chief security officer of Hold Security, jolted many email service providers including Gmail, Yahoo, and Russian mail service Mail.ru by revealing the major security breach in their mail services. Holden discovered that a big chunk of stolen accounts, estimated around 57 million in number, belonged to Mail.ru (Russia’s biggest mail provider) and the a small fraction of stolen accounts contained users from the world’s three big email providers, Microsoft, Google, and Yahoo!.
“It is one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major US banks and retailers two years ago,” reports Reuters.
The incident came to the light after Hold Securities researchers found a young Russian hacker boasting off himself in an online forum that he is ready to give away 1.17 billion numbers of credentials which he had stolen. According to Holden, The hacker was ready to sell these stolen credentials to the ones who are nice to him. Of the 1.17 billion credentials, nearly 272 million were deemed unique by Holden.
Of the total 272 million hacked credentials, Yahoo accounted for 40 million or 15% of the total stolen credentials, whereas Microsoft Hotmail accounted for 33 million credentials. Interestingly, Google also accounted for 24 million or 9% of the total credentials despite claiming user’s security as the top most priority. A majority of usernames and password combinations that were stolen belonged to employees of the largest US firms and banks.
“Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.” Microsoft Coproration made a statement in regards to the upsetting news.
However, not every email service provider looked shaken from the news; Mail.ru requested its users to stay calm and composed as the leaked credentials containing the email and password combinations didn’t work after Mail.ru ran its first test.
Holden has a credible record of uncovering serious breaches in the past, which affected millions of individuals of JPMorgan, Target, and Adobe Systems. In 2014, he unmasked a cache containing 1.2 billion unique credentials, the biggest-ever retrieval of stolen accounts.
The severity of the incident could be measured by the fact that the number of internet users usually stick to their favorite password without changing it at regular intervals. That’s why during such hacks, users are more prone to either loose their accounts or face other damages, likes of other transactional passwords that can be received on the email address via Forget password option.
Stolen Data available for a mere $1
Interestingly, the Russian hacker demanded mere 50 rubles ($1) and positive comments about himself in the forum for handing over the credentials to Holden.
“This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him.” Holden told Reuters.
However, his such demand raises many questions on the authenticity of the data as well. There are reasons that the leaked data may be obsolete, the foremost being the awkwardly low selling price of these valuable credentials. Second, Holden said that password encryption was missing in the stolen credentials. Citing the reasons, it appears that some wannabe hacker conducted such deeds only to gain popularity.
Holden clarified that the hacker accumulated data from a number of sources.
The art of Hacking
This was not the first time when a single hacking incident is reported at such a massive scale. A tale of hacking that fewer of us know is the cyber attack on Saudi Aramco. The word panic was literally enacted by this hack when an employee mistakenly clicked a hazardous link, thus opening the gates for the virus. Within no time around 35,000 computers were destroyed, wires were pulled off and in a blink of an eye, the company went offline to prevent the virus entering the database. The hacker group named “Cutting Sword of Justice” claimed responsibility for this attack.
Yahoo has a history of attacks; In May 2013, 22 million user’s information was leaked. Yahoo, without wasting any time, went offline to prevent any further leaks and damages.
Another incident jolted Evernote when the company had unintentionally compromised the data of around 50 million users in 2013. As details about credit cards and bank accounts were encrypted in Evernote’s database, the aftermath was less catastrophic.
Hacking Trends Are Changed
Over the past few years, the purposes and the intentions behind hacking have been changed and new trends have emerged. One such incident is extortion hack; similar to attacking a firm and then threaten to release the sensitive data of the firm or its customers until and unless the victim agrees to pay the ransom.
Playing with the data is another threat from the hackers. Instead of destroying it, hackers tend to manipulate the data to make it lose its integrity. Such hacks are attempted to affect the defense system of a country and manipulate the weapons too. Hacker’s will be able to find one way or the other to play with the cyber security of the world.
While the companies, governments, and cyber security firms are leaving no stone unturned to nail such hacking attempts, hackers are able to find one way or the other to play with the cyber security of the world.