A hacker has traded more than 272 million account credentials to a cybersecurity company in exchange for praise on a social media platform for hackers.
Hacker asks for social media likes as ransom for 272 million passwords
Chief information officer at Hold Security and a cybersecurity researcher who specializes in Eastern European hacking, Alex Holden, said the hacker originally offered the cache to the company for the equivalent of just $11.
Hackers leak stolen Kenyan foreign ministry documents
Nigeria CommunicationsWeek reports that the passwords and usernames belonged to accounts from Russia's largest email provider, Mail.Ru, as well as a smaller number of accounts each from Gmail, Yahoo Mail and Microsoft Hotmail.
Although this doesn't mean there was a breach of the email services themselves, the cache, which was first reported by Reuters, contains a huge amount of data.
Chief information officer at Hold Security and a cybersecurity researcher who specializes in Eastern European hacking, Alex Holden, said the hacker originally offered the cache to the company for the equivalent of just $11, but after negotiations provided the information in exchange for plaudits on a members-only hacking forum.
ADVERTISEMENT
"He didn't value this data," said Holden.
Mail.Ru said it was examining the data to see how many passwords were currently connected to email accounts.
"As we have enough information we will warn the users who might have been affected," the company said in a statement, according to the Nigeria CommunicationsWeek report. "Mail.Ru email service has been working hard to continuously improve its security system."
Tech company, Yahoo, said it is also trying to examine the list of credentials.
ADVERTISEMENT
"We've seen the reports and our team is reaching out to Hold Security to obtain the list of accounts now. We'll update going forward," said Yahoo in a statement.
Microsoft didn't affirm whether its users were affected by the data dump, but it did say that the posting of passwords is a problem.
"Unfortunately, there are places on the Internet where leaked and stolen credentials are posted, and when we come across these, or someone sends them to us, we act to protect customers," a Microsoft spokesman said in a statement, according to the report. "Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account."
JOIN OUR PULSE COMMUNITY!
ADVERTISEMENT
Eyewitness? Submit your stories now via social or:
Email: eyewitness@pulse.ng
Recommended articles
Tinubu is not afraid to make tough decisions even if they bring hardship
Anambra Govt to distribute new malaria vaccine, aims for malaria-free State
Commuters trek to work - Fuel hike halts Kaduna motorcyclists services
TETFund denies corruption allegation, vows to sanitise tertiary education system
Excessive heat in Kano State may lead to heat-stroke, meningitis cerebrum
Tinubu says Nigeria, Netherlands partnerships will aid economic development
Tinubu mourns Sen Ayogu Eze's passing, extends condolences
Edo Guber: Major setback for APC as PDP poaches influential chieftain
'We know Wike is your boss': Edwin Clark fires warning to PDP acting chair
ADVERTISEMENT