A huge number of emails and passwords have been stolen, and the records are being traded in the Russian criminal underworld.
According to Hold Security Founder Alex Holden, the massive breach involves 272.3 million accounts in total across platforms. Most of them are users of Mail.ru, the biggest email service in Russia, but considerable portions of them are users of Gmail, Hotmail and Yahoo.
Holden says the researchers of the company encountered the Russian hacker on an online forum, where he was showing off and putting up for sale the impressive amount of accounts he had collected. They soon found out that the entire cache consists of 1.17 billion login credentials.
To break down the figures, 57 million are from Mail.ru, 40 million from Yahoo, 33 million from Hotmail and 24 million from Gmail, and these were after the duplicates were eliminated. Aside from those, thousands of others in the mix are believed to be from Chinese and German email service providers.
"This information is potent. It is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him," Holden tells Reuters.
On an interesting note, the cybercriminal demands only 50 rubles, and to put that into perspective, that only amounts to less than $1. However, despite the negligible sum, Hold Security did not pay for it, as it's against the company's policy to purchase stolen data. Instead, the culprit asked the researchers to like his social media page and praise him on hacker forums.
"In all reality, 50 rubles is next to nothing, but we refuse to contribute even insignificant amounts to his cause ... finally the hacker just asks us to add likes/votes to his social media page," Holden says.
Giving in to what the hacker wants comes with a link to 10 GB worth of data available to the researchers, which Holden notes needs more than one hour to completely download.
This incident is the biggest hacking case since the cyberattack targeted at major banks and retailers in the United States two years back. It's also worth mentioning that large-scale breaches have been rampant lately, including the times when hackers attacked Verizon and the dating website for beautiful people.