Hundreds of millions of people’s user details for popular email services are floating around the Dark Web, and are being offered for sale from as little as $1, according to a cybersecurity expert.
Alex Holden, founder of Hold Security, says that in total his company was given more than 1.17 billion user records for accounts held at major email providers. A huge number of those turned out to be duplicates, but 272 million unique records were ultimately identified.
“75% of European digital ecosystem is present at #TNW2018”
Are you doing business in Amsterdam in May?
According to Reuters, 57 million of those unique accounts were for leading Russian email provider Mail.ru, while 40 million were for Yahoo. 33 million were Microsoft Hotmail accounts and 24 million were Gmail.
And what did the Russian hacker who provided the details to Hold Security want in exchange? 50 Rubles, which is less than a dollar. And he didn’t even get that, as the company won’t pay for breach data.
The huge trove of 227 million uniques were accrued from various breaches in the past, and as such, the affected companies and account holders have already been informed. Nonetheless, Hold Security says that there were 42.5 million credentials that the company hasn’t seen traded on the Dark Web before and that weren’t in its database.
If confirmation of 227 million email logins being literally given away for free on the Web isn’t enough of a reason to stop using such dumb passwords everywhere, then perhaps nothing is.