RSA 2014: Dark Web Spammer Acquires 360m Credentials

A spammer has been caught storing 360 million emails and logins in a single store on the dark web, according to a security firm.

That one person has managed to acquire masses of email addresses and passwords for various email services, including Hotmail, Gmail and Yahoo, said Hold Security.

It is one of the biggest single stores of stolen logins ever seen, Alex Holden, chief information security officer at Hold Security,  told TechWeekEurope at the RSA 2014 conference. In recent months, five to 10 million credentials have hit the market every 30 days or so, meaning this leak was comparatively epic.

Epic spammer theft

Holden, who said he had found some of his own credentials amongst the stolen data, told TechWeek had had been in touch with one of the email providers affected, as it was a customer. Others have not been alerted to apparent mass compromises of user accounts.

It is unclear how the spammer acquired the data. Holden said it was most likely through a variety of attacks.

Two to three weeks ago, Holden said he noticed a sudden upsurge in credentials hitting underground forums, which he subsequently investigated.

Many of those affected had various accounts compromised, rather than just one. It appeared the spammer was selling some of the data and that users of the biggest email providers were affected.

“He sells these things if it is convenient,” Holden told TechWeek. “This morning, I was looking at a subset of 117 million [stolen] credentials – there was 28 million for Hotmail.”

He said it would be a mammoth job to disclose the breach to affected email providers, but it was likely the company’s affected customer would work with parties to address the issue.

Hold Security helped uncover the epic breach of Adobe last year. Such large compromises of major services give password cracker tools more data to learn from, making brute force attacks quicker and more effective.

Are you a security expert? Try our quiz!