Skip to main content

A Russian hacker has 272 million stolen Gmail, Yahoo, and Hotmail passwords

gmail early phishing detection inbox
Image used with permission by copyright holder
It may be time to update the password for your email. Usernames and passwords for more than 250 million stolen Yahoo Mail, Gmail, Hotmail, and other accounts are being swapped around in Russia’s criminal underworld, according to Reuters.

These stolen accounts were discovered by Hold Security, where researchers found a Russian hacker, dubbed as “the Collector,” bragging that he was ready to “give away” these credentials, which totaled 1.17 billion records. The security company eliminated duplicates, and found the total number of compromised accounts to be 272.3 million.

Recommended Videos

The largest amount of compromised credentials, 57 million, belong to Mail.ru users, which is Russia’s most popular email service. The email service has 64 million monthly active users, which means the breach affects most of the company’s userbase.

The rest break down to other popular email clients including Yahoo Mail, which reportedly has 40 million emails compromised; Microsoft Hotmail, with 33 million; and Gmail, with 24 million stolen credentials. Other credentials from email providers in Germany and China are also affected. It’s not clear if any of these accounts have actually been breached.

Many of the emails link to employees of some of the largest U.S. banking, manufacturing, and retail companies. Hold Security has been informing affected companies and organizations.

“This information is potent,” Alex Holden, founder and chief information security officer at Hold Security, told Reuters. “It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him. These credentials can be abused multiple times.”

The Russian hacker allegedly asked for 50 rubles, less than $1, for the data. But the security company received a copy after it agreed to post positive comments about the Russian in various hacker forums. The company didn’t pay for the stolen data, as it went against company policy.

“We are now checking whether any combinations of usernames/passwords match users’ e-mails and are still active,” a Mail.ru spokesperson told Reuters. “As soon as we have enough information, we will warn the users who might have been affected.”

The Russian email provider’s initial checks found no live combinations of user names and passwords that match existing emails.

Google moves quickly to rectify compromised accounts it detects, but cannot speak to specific incidents, according to the search giant. These “credential dumps,” like the one Google discovered in 2014, are an unfortunate reality.

“It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems,” the company said in the 2014 blog post. “Often, these credentials are obtained through a combination of other sources. For instance, if you reuse the same username and password across websites, and one of those websites gets hacked, your credentials could be used to log into the others. Or attackers can use malware or phishing schemes to capture login credentials.”

These password dumps are a good reminder to set up a recovery phone number so the Mountain View company can quickly contact users in worst-case scenarios, according to Google.

A Microsoft spokesperson told Reuters that the company has security measures in place to detect compromised accounts, and requires additional information to verify the account owner.

Google told Digital Trends the company did not have a comment on the specific incident at the moment, and Microsoft and Yahoo have yet to respond. We will update this post when we hear back.

Julian Chokkattu
Former Digital Trends Contributor
Julian is the mobile and wearables editor at Digital Trends, covering smartphones, fitness trackers, smartwatches, and more…
The next Snapdragon X chip will be even more powerful than we thought
The Qualcomm Snapdragon X Plus

As part of Qualcomm's latest Investor Day, the company confirmed that its next PC chip, the Snapdragon X Elite Gen 2, will use the Oryon v3 CPU. This comes as a surprise to many, as the Oryon v2 was just announced last month alongside plans to use it with the Snapdragon 8 Elite chipset for smartphones.

Since the current Snapdragon X Elite chip uses an Oryon v1 CPU, many assumed that the 2nd-gen chip would use the 2nd-gen CPU -- but it seems the PC chips will be skipping over this generation entirely.

Read more
The Windows 11 24H2 update is causing even more problems
Windows 11 logo on a laptop.

The Windows 11 24H2 update had already been giving users a real headache with problems such as bugs for visual layouts and flaws for certain wallpaper apps. And now, as Microsoft confirms in a support document, some people without administrative privileges can't change the time zone in the Date & Time view, among myriad other issues related to the important Windows 11 update.

A Feedback Hub post also reports a time issue after exiting Sleep Mode, specifically after about one out of every five overnight sleep cycles. There is also a report that the time is not syncing correctly following daylight saving time. Put differently, the update doesn't break the time zone, but only affects the toggle or makes it very difficult to modify it.

Read more
The 10 best monitors for 2024: tested and reviewed
OLED demo on the Asus ROG PG27AQDM.

Editor’s note: You should expect to see tons of great monitor deals on Black Friday and Cyber Monday this year. It's pretty much a guarantee that you'll find something that suits your needs at a discounted price, so long as you keep an eye out and pay close attention to what you're buying. Whether you're looking for a killer gaming monitor deal, a high-end 5K monitor deal, or even an OLED monitor deal, or something more on the budget side, we've got your covered. Make sure to check out our other Black Friday deals for even more bargains on TV, headphones, and more.

For those seeking a superior computer setup, a cutting-edge monitor is non-negotiable. As we move into 2024, the monitor market offers a wide range of options tailored to various needs, from immersive gaming displays to high-resolution panels for creative professionals. Whether you're looking for top-tier gaming performance with fast refresh rates, crisp visuals for productivity, or a versatile all-rounder, this year’s monitors bring cutting-edge features like OLED panels, high refresh rates, and enhanced connectivity. In this guide, we'll explore the best monitors you can buy in 2024, ensuring you find the perfect fit for your setup.

Read more