The 272 million 'hacked' Gmail, Hotmail, and other accounts may be fake

hackers

There's probably a good reason why a Russian hacker wanted to dump a supposed cache of 272 million account credentials to popular email services for less than $1.


That reason: The trove claiming to have millions of accounts from Yahoo Mail, Gmail, Hotmail, Russian email service Mail.ru and others, appears to be fake.
"Our security team has investigated and we don’t believe there is any significant risk to our users based on the claims shared with the press," a spokesperson for Yahoo told Tech Insider. Around 40 million user credentials purportedly came from the company's email service.
The largest number of accounts in the database supposedly came from Mail.ru. Minus duplicates of usernames and passwords, the data contained roughly 57 million accounts from the site, or more than half the number of people using Russia's leading email service.
But a spokesperson for Mail.ru dismissed the apparently hacked database as nothing more than a publicity stunt by Alex Holden of Hold Security, the researcher who claimed to have obtained it.
"The analysis shows that 99.982% of Mail.Ru account credentials found in the database are invalid. The database is most likely a compilation of a few old data dumps collected by hacking web services where people used their email address to register," spokesperson Madina Tayupova said in a statement to Tech Insider.
"Therefore, it is fair to assume that the sole purpose of issuing the report was to create media hype and draw the public attention to Holden’s cyber security business."
related report from Motherboard said Holden declined to share the data so journalists could verify it. When asked for a response to Mail.ru'stement, Holden noted that his original post about the database mentioned he had already seen "most of the data." He also told TI:
"While mail.ru provides access to their email services, their users use their mail.ru email addresses as unique user ids with other services outside of the mail.ru (i.e. social media). I do not believe that hackers stole data from mail.ru databases, but it looks like some of the services where mail.ru users used their email addresses as ids were compromised to gather this data."

Comments