Hacker Steals Passwords From 272 Million Accounts

Your email could be compromised. That’s according to cybersecurity experts that say a massive cache of user data, including usernames and passwords, has been put up for sale online.

The information was stolen from some 272.3 million accounts, the vast majority of which are Russian Mail.ru users, but also include Google, Yahoo, Hotmail, and Microsoft, according to Alex Holden, Hold Security founder and chief information security officer. Holden is the one who discovered the theft.

Holden says that the hack was carried out by taking password data from less secure sites, like Target.com, and paired with email addresses. If your passwords are different, you have nothing to worry about. If they're the same, you should change your email account password.

“Some people use one key for everything in their house,” Holden told The Guardian. “Some people have a huge set of keys that they use for each door individually.”

The hacker's location and his general methodology are known, though nothing more specific.

"We know [the hacker] is a young man in central Russia who collected this information from multiple sources," Holden told NBC News. "We don't know the way he did it or the reason why he did it."

The information cache is being hawked on the dark web, a black market so called because its sites are intentionally hidden from traditional search crawls.

"The data collection of consumers, the data collection of federal government employees, it's very obvious that it's targeted, that it's orchestrated, and that there is multiple groups in play here," Theresa Payton, former White House Chief Information Officer and current CEO of cybersecurity company Fortalice Solutions, told NBC News.

Password security is a major issue, and the official recommendation is that you change yours. Check out some tips for a more secure password here.

Advertisement
Advertisement