Want to keep the TNW Conference vibe going?? Tickets for TNW2022 are available now >>

The heart of tech

This article was published on May 4, 2016

Hacker requested less than $1 for more than 1bn email records

Hacker requested less than $1 for more than 1bn email records
Ben Woods
Story by

Ben Woods

Europe Editor

Ben is a technology journalist with a specialism in mobile devices and a geeky love of mobile spectrum issues. Ben used to be a professional Ben is a technology journalist with a specialism in mobile devices and a geeky love of mobile spectrum issues. Ben used to be a professional online poker player. You can contact him via Twitter or on Google+.

Hundreds of millions of people’s user details for popular email services are floating around the Dark Web, and are being offered for sale from as little as $1, according to a cybersecurity expert.

Alex Holden, founder of Hold Security, says that in total his company was given more than 1.17 billion user records for accounts held at major email providers. A huge number of those turned out to be duplicates, but 272 million unique records were ultimately identified.

According to Reuters, 57 million of those unique accounts were for leading Russian email provider Mail.ru, while 40 million were for Yahoo. 33 million were Microsoft Hotmail accounts and 24 million were Gmail.

And what did the Russian hacker who provided the details to Hold Security want in exchange? 50 Rubles, which is less than a dollar. And he didn’t even get that, as the company won’t pay for breach data.

The huge trove of 227 million uniques were accrued from various breaches in the past, and as such, the affected companies and account holders have already been informed. Nonetheless, Hold Security says that there were 42.5 million credentials that the company hasn’t seen traded on the Dark Web before and that weren’t in its database.

Hold’s past discoveries include the Adobe user database with 153 million records and 1.2 billion unique credentials collected in hundreds of thousands of hacks by a Russian gang.

If confirmation of 227 million email logins being literally given away for free on the Web isn’t enough of a reason to stop using such dumb passwords everywhere, then perhaps nothing is.