Site   Web

February 26, 2014

360M Account Credentials Discovered on Black Market

Image courtesy of (Stuart Miles) /

A cyber-security firm, in the past three weeks, has discovered 360 million account credentials for sale on the online black market.

Hold Security said the stolen credentials are the result of separate attacks, the largest of which was 105 million records — the largest breach of credentials to date. This breach included e-mail addresses and matching passwords, chief information security officer Alex Holden told IDG News, but added that it has not yet been discovered what Web services the user names and passwords unlock.

“In the first three weeks of February, we identified nearly 360 million stolen and abused credentials and 1.25 billion records containing only e-mail addresses,” the U.S. company said in a blog post. “These mind boggling numbers are not meant to scare you and they are a product of multiple breaches which we are independently investigating.”

While the list of e-mail addresses is not as serious as the breach of credentials, he told IDG News it could still be used by spammers.

Holden told Reuters this breach could be a more significant hazard to consumers and businesses than stolen credit card data because user names and passwords could grant hackers access to bank accounts, corporate networks and health records.

Holden told Reuters the credentials were likely filched in breaches that have not yet been made public. In fact, he added, it is possible the affected companies may not be aware they were hacked.

“We have staff working around the clock to identify the victims,” he said.


Jennifer Cowan is the Managing Editor for SiteProNews.