Hacker flogs '42.5m freshly stolen logins' for seventy-five cents

Researcher who paid a pittance also discloses 34m account leak from Russia's QIP

A hacker has sold what is allegedly hundreds of millions of stolen email account credentials – including 42.5 million never before disclosed – for just one dollar to researchers at intelligence firm Hold Security.

Accounts with usernames for Gmail, Yahoo!, Microsoft, Mail.ru and other large email providers are included in the stolen cache, apparently.

However, the login details are most likely fake or out of date. Google, Mail.ru and Yahoo! say the listed accounts do not match the passwords.

Holden's researchers apparently found the hacker boasting about the haul on Russian cybercrime forums, and were able to acquire the cache for 50 Rubles, or about US$0.75.

"For the reasons why the hacker virtually gave away the credentials, we do not know," Hold Security founder Alex Holden told The Register. "He stated that he wanted to 'get rid' of them without ever stating the reason for it. I share your opinion that this data can be misused for many malicious purposes from simplest spam to serious disruptions."

Holden says the stolen data was unsorted and divided into foreign and Russian batches by the Russian-speaking hacker. The intelligence man is supplying the data to affected parties.

Hackers hacking hackers

A separate breach Holden disclosed to The Register has seen some 34 million accounts for a popular instant messaging service sold on cybercrime forums.

That cache for major real-time unified communications platform QIP includes account nicknames and email addresses and passwords, and while it does not appear to be newly stolen, it is likely to have never been publicly offered on monitored crime forums.

"QIP is a major Russian language real-time unified communication platform," Hold says. "[Using] a single desktop or mobile app they connect message platforms like social media [such as] VK, and Facebook, ICQ, Jabber, Google Talk, mail.ru chat, et cetera."

The legitimate service is a favourite of Russian hackers, Holden says, with some having mobile phone numbers linked to their instant messaging (IM) platforms, which (like ICQ) are largely anonymous and used by the Russian hackers.

About 43 percent of the 34 million credentials relate to users who signed on with mail.ru email addresses.

Holden says the hacker "demonstrated specific interest in .ru domains", splitting their collections into foreign and Russian-centric services including mail.ru and yandex.ru.

"He also had very few items in his collection from domains like .cn, .jp, or .in while statistically they should exceed many others." ®
