As many as 97 million accounts have been compromised due to a huge cyber-attack on several high-profile email websites, and as many as 272.3 million users were probably affected according to Alex Holden, founder and chief information security officer of Hold Security. Though an attack of this scale has not been seen in years, the information in its entirety is being sold through Russia’s underground criminal network for, reportedly, next to nothing. The attack could have victimized as many as 40 million Yahoo Mail accounts, 33 million Hotmail accounts and 24 million Gmail accounts, but the majority of usernames are thought to be stolen from Mail.ru, Russia’s most popular email service.
The discovery came when a Russian hacker was found bragging on an online forum that he had gathered and was ready to sell an immense amount of stolen credentials. Strangely, however, the hacker asked for only 50 roubles, or $0.75, for the information, but gave it up for free after researchers who had discovered the site promised to “put in a good word” for him in other forums. A Microsoft spokesman said stolen online credentials was an unfortunate reality. “Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.” Google and Yahoo did not release statements.