A hacker has traded more than 272 million account credentials to a cybersecurity company in exchange for praise on a social media platform for hackers.
Hacker asks for social media likes as ransom for 272 million passwords
Chief information officer at Hold Security and a cybersecurity researcher who specializes in Eastern European hacking, Alex Holden, said the hacker originally offered the cache to the company for the equivalent of just $11.
Hackers leak stolen Kenyan foreign ministry documents
Nigeria CommunicationsWeek reports that the passwords and usernames belonged to accounts from Russia's largest email provider, Mail.Ru, as well as a smaller number of accounts each from Gmail, Yahoo Mail and Microsoft Hotmail.
Although this doesn't mean there was a breach of the email services themselves, the cache, which was first reported by Reuters, contains a huge amount of data.
Chief information officer at Hold Security and a cybersecurity researcher who specializes in Eastern European hacking, Alex Holden, said the hacker originally offered the cache to the company for the equivalent of just $11, but after negotiations provided the information in exchange for plaudits on a members-only hacking forum.
ADVERTISEMENT
"He didn't value this data," said Holden.
Mail.Ru said it was examining the data to see how many passwords were currently connected to email accounts.
"As we have enough information we will warn the users who might have been affected," the company said in a statement, according to the Nigeria CommunicationsWeek report. "Mail.Ru email service has been working hard to continuously improve its security system."
Tech company, Yahoo, said it is also trying to examine the list of credentials.
ADVERTISEMENT
"We've seen the reports and our team is reaching out to Hold Security to obtain the list of accounts now. We'll update going forward," said Yahoo in a statement.
Microsoft didn't affirm whether its users were affected by the data dump, but it did say that the posting of passwords is a problem.
"Unfortunately, there are places on the Internet where leaked and stolen credentials are posted, and when we come across these, or someone sends them to us, we act to protect customers," a Microsoft spokesman said in a statement, according to the report. "Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account."
JOIN OUR PULSE COMMUNITY!
ADVERTISEMENT
Eyewitness? Submit your stories now via social or:
Email: eyewitness@pulse.ng
Recommended articles
Thunderstorms will rumble across Nigeria in the next 3 days, NiMet warns
Nestle's sugar-coated infant milk not registered, sold in Nigeria – NAFDAC
Gov Otu inaugurates 50,000-hectare rice farm in Cross River
Enugu community conducts mass burial for 8 victims of communal clashes
I can easily get Atiku and Wike to work together - PDP chairmanship aspirant, Suswam
Prices of foodstuff drop in Adamawa, Borno, Yobe
Benin traditional council suspends 5 chiefs who linked Benin origin to Ile-Ife
Nigeria would have gone bankrupt if I didn't remove fuel subsidy - Tinubu
Navy recruits 1,486 personnel to tackle oil theft, piracy – Minister
ADVERTISEMENT