Researcher who paid a pittance also discloses 34m account leak from Russia’s QIP
A hacker has sold hundreds of millions of stolen email credentials – including 42.5 million never before disclosed – for just one dollar to researchers at intelligence firm Hold Security.
The move has confounded the researchers and undoubtedly many cybercrime watchers.
Accounts with usernames for Gmail, Yahoo!, Microsoft, Mail.ru and other large email providers are included in the stolen cache.
It is unknown how many of the credentials are legitimate matches for the email account providers, because it is possible the haul has been taken from third-party services.
Those services could allow users to sign in with their email address but not necessarily the same password they use with Gmail, for instance.
Users could, of course, reuse their email passwords, which research regularly shows they often do.
Holden’s researchers found the hacker boasting about the haul on Russian cybercrime forums and were able to acquire the cache from the felon for 50 Rubles, or about US$0.75.
“For the reasons why the hacker virtually gave away the credentials – we do not know,” Hold Security founder Alex Holden told The Register.
“He stated that he wanted to ‘get rid’ of them without ever stating the reason for it.
“I share your opinion that this data can be misused for many malicious purposes from simplest spam to serious disruptions.”
Hold says the stolen data was unsorted and divided into foreign and Russian batches by the Russian-speaking hacker.
The intelligence man is supplying the breached data to affected parties.
Hackers hacking hackers
A separate breach Holden disclosed to The Register has seen some 34 million accounts for a popular instant messaging service sold on cybercrime forums.
That cache for major real-time unified communications platform QIP includes account nicknames and email addresses and passwords, and while it does not appear to be newly stolen, it is likely to have never been publicly offered on monitored crime forums.
“QIP is a major Russian language real-time unified communication platform,” Hold says. “[Using] a single desktop or mobile app they connect message platforms like social media [such as] VK, and Facebook, ICQ, Jabber, Google Talk, mail.ru chat, etcetera.”
The legitimate service is a favourite of Russian hackers, Holden says, with some having mobile phone numbers linked to their instant messaging accounts; such IM platforms (like ICQ) are largely anonymous and widely used by Russian hackers.
About 43 percent of the 34 million credentials relate to users who signed on with mail.ru email addresses.
Holden says the hacker “demonstrated specific interest in .ru domains”, splitting their collections into foreign and Russian-centric services including mail.ru and yandex.ru.
“He also had very few items in his collection from domains like .cn, .jp, or .in while statistically they should exceed many others.” ®