272 Million Email Account Credentials Traded In The Russian Criminal Underworld
Even the security research firm also said that the hackers batch came from a “Russian kid” which is one of its analysts found who had collected the stolen credentials to the 1.17 billion, from Google, AOL, Yahoo and Mail.ru, from different places on the criminal underworld.
When the team of Hold simmered this list down that is comparing the newly obtained data to data already in its ownership and it discovered the 272 million of the email credentials that were exclusive with 42.5 million having never been revealed. The remainder were already popular to cooperate.
In stead of the enormous volume of records which were discovered the price that paid to the hacker by Hold Security is even more remarkable.
The real asking price was 50 Rubles that is less than $1, however, Hold bargained the hacker down.
Hold wrote , “In all reality, 50 rubles is next to nothing, but we refuse to contribute even insignificant amounts to his cause. It is rather funny to negotiate over this, but finally, the hacker just asks us to add likes/votes to his social media page (so much for anonymity). That we can do, and once he is satisfied with the results we get a link to an incredible 10 gigabytes in a compressed database, which takes us more than an hour to download.”
Industry experts put onwards different reasons for the hacker that is giving away the data which is varying from it being an issue of regarding supply as well as the demand to the fact which they were untested and therefore probably insignificant to a buyer.
Lysa Myers who is the Security Researcher at ESET told “My guess is the credentials were either unverified or specifically stale (abandoned accounts, for instance). He probably gathered it from dumps of previous breaches of other vendors, so it's likely that he didn't do the work of stealing the data so much as he probably just garbage-collected it from around the web.”
Jonathan Cran at Bugcrowd said through an email that the emails could still confirm useful although “the half-life of stolen credentials is decreasing as SaaS providers such as mail.ru or Gmail get faster at invalidating them.”
Whereas Myers pointed out that “These kind of mail credentials are useful for spammers and scammers who utilize accounts to spread malware and further their own access.”