A “mind boggling” cache of personal data has been discovered for sale on the online black market. The trove included credentials from more than 360 million accounts and around 1.25 billion email addresses.
The discovery was made by cybersecurity firm Hold Security LLC, who say that they obtained the data over the past three weeks and noted that the records had been stolen in separate attacks.
One of these attacks reportedly yielded some 105 million records, making it the single largest data breach in cybercrime history.
"The sheer volume is overwhelming," said Alix Holden, chief information security officer of Hold Security.
Hold Security says that the email addresses came from all major providers including Google, Microsoft and Yahoo, and that many non-profit organizations and “almost all” Fortune 500 companies had been affected.
Holden also noted that many of the breaches had not yet been made public by the affected companies, and that many were possibly unaware they had been hacked. “We have staff working around the clock to identify the victims,” he said.
For this reason the danger posed by the breach applies to both consumers and companies. Although there were no financial details disclosed (eg credit card numbers), hackers could use the email addresses and passwords for sale to access anything from bank accounts to corporate records.
Graham Cluley, an online security consultant, told the BBC that the discovery was “Godzilla-sized”.
"There may be some duplicates but, even so, it sounds like a complete treasure trove for cybercriminals,” said Mr Cluley, noting that the details might be used not only to access accounts, but to discover new patterns in aid of future hacks.
"If people have a big database of passwords, they use it to find out what the regular ones are. The next time they want to crack into an account, they can use the most common passwords,” said Mr Cluley.