'Mind boggling' trove of 1.25bn emails discovered for sale on online black market

Cybersecurity firm reports that some companies will be unaware that their customers' data has already been breached

James Vincent
Thursday 27 February 2014 10:37
Comments
Discovery was made by cybersecurity firm Hold Security LLC
Discovery was made by cybersecurity firm Hold Security LLC

A “mind boggling” cache of personal data has been discovered for sale on the online black market. The trove included credentials from more than 360 million accounts and around 1.25 billion email addresses.

The discovery was made by cybersecurity firm Hold Security LLC, who say that they obtained the data over the past three weeks and noted that the records had been stolen in separate attacks.

One of these attacks reportedly yielded some 105 million records, making it the single largest data breach in cybercrime history.

"The sheer volume is overwhelming," said Alix Holden, chief information security officer of Hold Security.

Hold Security says that the email addresses came from all major providers including Google, Microsoft and Yahoo, and that many non-profit organizations and “almost all” Fortune 500 companies had been affected.

Holden also noted that many of the breaches had not yet been made public by the affected companies, and that many were possibly unaware they had been hacked. “We have staff working around the clock to identify the victims,” he said.

For this reason the danger posed by the breach applies to both consumers and companies. Although there were no financial details disclosed (eg credit card numbers), hackers could use the email addresses and passwords for sale to access anything from bank accounts to corporate records.

Graham Cluley, an online security consultant, told the BBC that the discovery was “Godzilla-sized”.

"There may be some duplicates but, even so, it sounds like a complete treasure trove for cybercriminals,” said Mr Cluley, noting that the details might be used not only to access accounts, but to discover new patterns in aid of future hacks.

"If people have a big database of passwords, they use it to find out what the regular ones are. The next time they want to crack into an account, they can use the most common passwords,” said Mr Cluley.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in