Stories are going around that hundreds of millions of usernames and passwords of Mail.ru, Gmail, Hotmail and Yahoo Mail users are being traded on Russian underground websites. The information comes from Alex Holden, the founder of Hold Security, who claims details of 272.3 million stolen accounts are being traded. The origin of the leak seems to be a young Russian hacker, who is willing to give out the information for free:
Holden stumbled on the discovery after he saw a young Russian hacker - since nicknamed "The Collector" - bragging about the information haul in an online forum. He was asking for just 50 rubles – less than $1 – for the lot, but Holden was given the information for free after he said he'd big up the hacker online.
"This information is potent," Holden said. "It is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him. These credentials can be abused multiple times."
The leak reportedly contains 40 million Yahoo Mail credentials, 33 million Hotmail credentials, and 24 million Gmail credentials. The potency of the leak is unknown, Mail.ru claims they're investigating the issue but revealed initial checks found no live combinations of usernames and passwords that match existing email accounts.