272m hacked usernames and passwords traded by Russian underworld

4 May 2016

The Deep Web is churning up an illicit trade in usernames and passwords stolen in a spiralling catalogue of undocumented data breaches at organisations

For just a few likes on a social media page, 272.3m hacked email usernames and passwords stolen in a major data breach are being traded in Russia’s criminal underworld, a security research firm has discovered.

Hold Security has claimed to have recovered some 272.3m stolen credentials from a collector.

The company said it recovers on average 100m stolen credentials every month and recovered 120m in the past month alone.


According to Reuters, the majority of credentials belong to users of Mail.ru, Russia’s most popular email service, as well as addresses belonging to Google, Yahoo and Microsoft email users.

The company was able to acquire the large data set that was stolen from an Eastern European communications firm for just a few likes to the trader’s social media page after spurning an initial offer for just 50 rubles.

Hold Security said that greater amounts of data are now flowing through the deep web from multiple undocumented data breaches of organisations.

To give an idea of the level of activity, the company has in the past recovered 360m stolen Adobe credentials, as well as 1.2bn credentials from breaches by the so-called CyberVor gang, the biggest breach known so far.

For a few likes on a social media page, a hacker from somewhere in Russia is trading in data stolen from an organisation through a well-executed breach.

“However, the story doesn’t end here,” Hold Security said in its blog.

“When we peel back the layers and dig deeper, we find that the hacker is holding something back from us. Within several days of communication and after a couple more strategically timed votes on his social media pages, he shared more useful information.

“At the end, this kid from a small town in Russia collected an incredible 1.17bn stolen credentials from numerous breaches that we are still working on identifying. 272m of those credentials turned out to be unique, which in turn, translated to 42.5m credentials – 15pc of the total – that we have never seen before.”


John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
