272 Million Email Accounts Have Been Hacked!

Mail.ru logo is seen in front of a displayed binary code in this illustration taken, May 4, 2016. REUTERS/Dado Ruvic/Illustration

It is one of the biggest stashes of stolen credentials uncovered since the U.S. bank and retailer cyber attacks from two years ago where 1.2 billion unique credentials were compromised. This time, 272 million usernames and passwords for email accounts were being traded in Russia’s criminal underground.

The majority of compromised email accounts came from Mail.ru, Russia’s most popular email service. More than 89% of their active email users were affected. Other email accounts that were hacked into included Google, Yahoo, and Microsoft. This discovery came after researchers found a Russian hacker bragging on an online forum about having collected hundreds of millions of stolen credentials – and that he was ready and willing to give them away.

And it’s not like the hacker was going to give the list away to only one person who he thought would like it. No, that’s hardly ever the case. These 272 million accounts, once hijacked, are illegally shared multiple times to multiple individuals and organizations. Some hackers, like this one, don’t do it for the money. This guy offered the list for less than $1, and when the research company offered to post favorable posts about him in the forums, he just gave a copy of the list to them for free.

Sadly, more mischief can be done than just accessing a person’s email account. That’s because many email provider members utilize the same username and password for their bank accounts, facebook accounts, entrance to websites and more. Security companies like Trust Guard recommend changing usernames and passwords often, making them as complex as possible, sharing them with no one, and making different usernames and passwords for each account. All hackers have to do is read an email from an account they’ve hacked into from a bank that is associated with that account and Boom! they immediately have access to the bank account. The same is true for gaining access to websites. Before long, the person’s website has been moved to another hosting company and the payment buttons transferred into the hacker’s bank account.

Very few online consumers and business owners are still blind to the fact that hackers can and do access their email accounts, social accounts, and websites. Obviously 272 million additional online users now know first-hand about the reality of getting their accounts compromised by no-good-doers. To find out more about online security and how to keep your business safe, visit Trust Guard’s Website Security page.