Massive email hack hits millions

Posted at 9:12 AM, May 06, 2016
and last updated 2016-05-06 09:57:29-04

(REUTERS via AOL) Hundreds of millions of usernames and passwords for email accounts and other websites have been hacked, according to a security expert. Alex Holden, founder and Chief information security officer of Hold Security.

RELATED: See if your email has been hacked

He tells Reuters that the information is being traded in Russia's criminal underworld.

Holden who has helped uncover major data breaches before, found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials that ended up totaling 1.17 billion records.

It is one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major U.S. banks and retailers two years ago.

While many of the 272 million stolen accounts are on Russia's most popular email service, some are Google, Yahoo and Microsoft accounts.

Email is often the most valuable digital asset according to Ben Johnson, co-founder of digital security firm Carbon Black.

"They can use them for spam, to log in and spread to people you know. To try your email user name and password as credentials for other websites so there is a whole plethora of things they could try with it," said Carbon Black Chief Security Strategist Ben Johnson.

Thousands of other stolen username/password combinations appear to belong to employees of some of the largest U.S. banking, manufacturing and retail companies, and are vulnerable to attack, according to Holden.

Microsoft responded saying. "Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access."

Yahoo and Google did not respond to requests for comment.

(c) Copyright Thomson Reuters 2016.