'Mind boggling' trove of 1.25bn emails discovered for sale on online black market

Cybersecurity firm reports that some companies will be unaware that their customers' data has already been breached

James Vincent
Thursday 27 February 2014 10:37 GMT
Comments
Discovery was made by cybersecurity firm Hold Security LLC
Discovery was made by cybersecurity firm Hold Security LLC

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A “mind boggling” cache of personal data has been discovered for sale on the online black market. The trove included credentials from more than 360 million accounts and around 1.25 billion email addresses.

The discovery was made by cybersecurity firm Hold Security LLC, who say that they obtained the data over the past three weeks and noted that the records had been stolen in separate attacks.

One of these attacks reportedly yielded some 105 million records, making it the single largest data breach in cybercrime history.

"The sheer volume is overwhelming," said Alix Holden, chief information security officer of Hold Security.

Hold Security says that the email addresses came from all major providers including Google, Microsoft and Yahoo, and that many non-profit organizations and “almost all” Fortune 500 companies had been affected.

Holden also noted that many of the breaches had not yet been made public by the affected companies, and that many were possibly unaware they had been hacked. “We have staff working around the clock to identify the victims,” he said.

For this reason the danger posed by the breach applies to both consumers and companies. Although there were no financial details disclosed (eg credit card numbers), hackers could use the email addresses and passwords for sale to access anything from bank accounts to corporate records.

Graham Cluley, an online security consultant, told the BBC that the discovery was “Godzilla-sized”.

"There may be some duplicates but, even so, it sounds like a complete treasure trove for cybercriminals,” said Mr Cluley, noting that the details might be used not only to access accounts, but to discover new patterns in aid of future hacks.

"If people have a big database of passwords, they use it to find out what the regular ones are. The next time they want to crack into an account, they can use the most common passwords,” said Mr Cluley.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in