More than 33 million Microsoft email accounts were breached and user credentials stolen, a new report from Hold Security confirms.
Microsoft has been embroiled in a cybercrime situation after a hacker out of Russia claimed to have obtained hundreds of millions of login credentials from a number of major email services. According to Reuters, the hacker claims to have stolen data from Microsoft, Gmail, Yahoo, and Russian provider Mail.ru.
While Mail.ru is apparently the biggest victim, the number of login credentials taken from Microsoft's Hotmail service is said to be in the millions. The information was reported by Hold Security, which said some 33 million Microsoft accounts (thought to be mostly Hotmail) were breached, along with 24 million from Gmail and 40 million from Yahoo Mail.
In a statement, Microsoft confessed that such data breaches are (“unfortunately”) expected and said it has measures in place to protect users.
“Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.”
Needless to say, if you are using one of those services (or indeed Mail.ru), then it is probably a good idea to change your password today. Hold Security says it is one of the biggest data breaches in recent memory and is hugely dangerous considering the kinds of personal and financial information many users now have in emails.
Speaking to Reuters, Hold Security founder Alex Holden said the company uncovered a young Russian hacker boasting of his achievement on a forum. The number totaled over one billion, but many entries turned out to be duplicate account information.
“This information is potent. It is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him. These credentials can be abused multiple times,” Holden said.
It seems as though the hacker was seeking to cause trouble rather than make a financial gain, and was asking for just $1 for the entire trove of breached data. Holden said his company does not purchase stolen data, but managed to convince the Russian to hand over the data in exchange for a good review on the forum.