Hacker flogs '42.5m freshly stolen logins' for seventy-five cents

A hacker has sold what is allegedly hundreds of millions of stolen email account credentials – including 42.5 million never before disclosed – for just one dollar to researchers at intelligence firm Hold Security. Accounts with usernames for Gmail, Yahoo!, Microsoft, Mail.ru and other large email providers are included in the …

COMMENTS

This topic is closed for new posts.
  1. DaLo
    Facepalm

    "He stated that he wanted to 'get rid' of them without ever stating the reason for it."

    A digital file, and he 'wants to get rid of them' by selling them for a dollar?

    Did he realise that once he sold them he still had them, and was stuck in a never ending loop of selling them and them still being there until the day dawned on him that there was a delete button and all his problems were solved in one key press?

    1. Bumpy Cat
      Joke

      It's like a pack of 6 hot dog buns and a pack of 8 hot dogs - you always have some left over. Likewise in this case he couldn't just throw away the accounts he hasn't exploited, so he sold them, even if it's for a notional sum.

      1. I ain't Spartacus Gold badge
        Coat

        Not always. You buy 3 lots of hot dogs, and 4 lots of buns, and the last packets will finish at the same time.

        Sorry, did you not want to know that...

      2. ralphh

        https://xkcd.com/1641/

  2. HieronymusBloggs

    "Returned to the rightful owners"

    From the Hold web site:

    "Today, large amounts of stolen credentials may not grab headlines, but they never lose their potency, especially when they are recovered by the good guys and returned to the rightful owners."

    What do they mean? Is this a joke?

    1. David Nash Silver badge

      Re: "Returned to the rightful owners"

      Maybe they think the thief stole people's post-it notes with their passwords written on, so they could no longer log in because they didn't have the passwords any more.

  3. Anonymous Coward

    He meant to ask for Bitcoin...

    ...and accidentally typed in Rubles

  4. nuked

    Perhaps...

    ...an intellectual challenge defence is being prepared...

  5. Hans Neeson-Bumpsadese Silver badge

    SSO

    Google use that single set of email login credentials for access to all of their services. Likewise, I need to use my Yahoo! Email! Credentials! to log onto Flickr.

    On the face of it, this is an email ID/password heist, but scope is far greater than just unauthorised access to email.

    1. Seajay#

      Re: SSO

      I hadn't realised the impact of SSO before and I'm now trying to disentangle myself from it. Because Google makes it so convenient to tie everything to one account I had just gone along with it but it is a terrible idea.

      If I want to be able to run play store bought apps on my phone, I need to be signed in to my Google account. That's no problem, it asks for my password again for purchases. However, if I handed my phone to someone in that state they would also have access to my mail. My phone doesn't have google drive on it but if they installed it, it would automatically use the existing account without requiring the password again so they'd have access to my files etc, etc.

      1. alferdpacker

        Re: SSO

        You're not wrong but the real security leak you're experiencing is hinted at in "if I handed my phone to someone" ;)

        1. Allan George Dyer
          Holmes

          Re: SSO

          So phones should be multi-user devices? Then we can hand our phone to someone, and they login with their account to make the call...

          1. Paul_Murphy

            Re: SSO

            I believe that Android has/had a feature where one user has their login/swipe pattern and a separate swipe pattern would go to a different account - I haven't used it (if it exists) and it may have only been on CyanogenMod, but it sounds like a useful feature.

      2. Hans Neeson-Bumpsadese Silver badge

        Re: SSO

        "I hadn't realised the impact of SSO before and I'm now trying to disentangle myself from it."

        I rather suspect that disentangling yourself from that will be akin to trying to get toothpaste back into the tube.

  6. Paratrooping Parrot
    Paris Hilton

    Another password change?

    Sorry, but does this mean that we all have to change our Google, Microsoft and Yahoo passwords?

  7. Version 1.0 Silver badge

    Stolen? or maybe invented?

    I don't take these claims seriously.

    In my experience - looking at the spam traps on the email server - the vast majority of these email addresses are pure inventions. We have many domains whose only legitimate email addresses are the postmaster/admin address; these domains are parked and have never had any other email addresses. Yet we get 10s of emails every hour to addresses which are complete fictions.

  8. ZenCoder
    Unhappy

    PR stunt

    Sell your goods at $.75, get publicity, get your goods verified as legitimate by security professionals ... I imagine if you're a cyber criminal that's just good marketing.

  9. Anonymous Coward

    75 cents...

    that's like one and a half Curtis James Jackson III

  10. Anonymous Coward

    The article says "passwords", but surely they are passwords that are salted and hashed? Good luck with brute-forcing my gmail password.

    1. diodesign (Written by Reg staff) Silver badge

      Re: pw42

      Yeah - it's not clear from Hold Security whether these are hashed or not. I can imagine it's a mix of hashed and unhashed.

      C.
