Russian Hackers Rob 272 Million Gmail And Yahoo Accounts, Change Your Password NOW

It's good computing practice to change your passwords every now and then, and also after a major hacking incident. The latter is why you should considering changing your Gmail or Yahoo password at your earliest convenience—over 272 million online accounts have been stolen and are being traded in Russia's underground market.

Researchers from Hold Security told Reuters that it found a Russian hacker gloating in a web forum that he had stolen a larger number of online credentials. His cache of compromised accounts totaled 1.17 billion, though many of them were duplicates. After eliminating redundant entries, the security outfit counted 57 million accounts, just 7 million shy of the monthly active email users the service said it had at the end of 2015.


Hold Security also found millions of compromised accounts belonging to other major email services, including 40 million Yahoo Mail accounts, 33 million Microsoft Hotmail accounts, and 24 million belonging to Gmail. Collectively, the three services account for 36 percent of the total number of stolen accounts.

"This information is potent. It is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him," said Alex Holden, founder and chief information officer of Hold Security. "These credentials can be abused multiple times."

Oddly enough, the hacker asked for a measly 50 roubles, which is less than a dollar in U.S. currency, for the entire collection of compromised accounts. Hold Security has a strict policy of not paying for stolen data, so it struck a deal in which the hacker forfeited his stash of stolen credentials in exchange for Hold Security posting positive comments about him in hacker forums.

If you added up the numbers above, you know the total doesn't come to 272 million. The remaining accounts that were compromised seem to belong to employees at U.S. banking, manufacturing, and retail outfits.

Maybe if these major product and service providers employed something like ProtectWise on their networks, someone could rewind the whole mess, determine the root of the exploit and seal it off for good.