Russian 'Collector' Sells Stolen Email Credentials for a Song



A hacker dubbed "The Collector" turned over 272 million stolen email credentials in his possession, Hold Security announced Wednesday.

The hacker bragged online about the stash, which included usernames and passwords, the firm said. It got a copy of the data -- which the hacker was peddling for 50 rubles, or less than US$1 -- after giving him a shout-out in the forum.

"We found a post on one of the Russian dark Web forums from a hacker alleging collecting hundreds of millions of credentials," said Alex Holden, chief information security officer at Hold Security.

"After further private conversations, he shared 1.17 billion records which contained 272 million unique user ID and password pairs," he told the E-Commerce Times.

The company realized the haul was the result of a number of different breaches, especially since it had never seen 42.5 million of the credentials, or 15 percent, on the black market before, Holden said.

Hold Security knows the vectors of the attacks, but most of the data is unattributed and too mixed to identify exactly how all of it was accessed.

The stolen credentials in that group included unencrypted passwords. In addition, most of the credentials were being traded on the black market but not widely shared, Holden said.

Hold Security isn't the only company that may have seen this information. "We make no illusion that this data was only shared with us," he said. "Given the ease with which it was given away, it was likely shared many times by the hacker," who he estimated to be between 18 and 25 years old.

The company is still trying to nail down the exact time frame, but the breaches definitely took place within the past year, it said.

A victim of this type of breach is vulnerable to all forms of activity, as the login credentials can be used to breach additional accounts and gain information about an email client, Holden warned.

"Your user ID and password are like your house keys," he said. "Once you lose a key, it is best to change the locks right away."

Underground dark Web forums operate in some ways similar to traditional social media networks, with hackers posting profile pages and exchanging goods and services to enhance their online reputation, according to Sasha Hellberg, a threat researcher at Trend Micro.

"Forums are made and broken by the number of active users and likes they have," she told the E-Commerce Times. "They link to their friends and their wares, and they promote each other and their capabilities."

Email credentials can be accessed using several methods, including publicly leaked breaches, credential theft botnets, brute-force attacks and phishing, said Cameron Sabel, intelligence analyst at FireEye.

Corporate accounts tend to be the most valuable to hackers as they are often used to breach corporate networks, he told the E-Commerce Times.

More alarmingly, GreatHorn has traced a security breach that may be directly linked to the Russian credential dump, CEO Kevin O'Brien said.

An account belonging to a prominent U.S. venture capitalist began sending a credential-stealing cloud document to GreatHorn and many of its clients. The message was not spoofed and carried no malware or blacklisted URLs, so it bypassed security gateways and landed directly in user inboxes.

"Based on our analysis, we believe this was a result of this attack," O'Brien told the E-Commerce Times. GreatHorn has seen logins to Europe that the attack compromised.

"The clear value of credentials to hackers is that they allow them to not only gain illicit access to the private data of the victims, but also use those same email accounts to move east-west -- that is, to laterally attack other trusted contacts," he said.

"Unfortunately, there are places on the Internet where leaked and stolen credentials are posted, and when we come across these or someone sends them to us, we act to protect customers," a Microsoft spokesperson said in a statement provided to the E-Commerce Times by company representative Molly Terrell. "Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account."

David Jones is a freelance writer based in Essex County, New Jersey. He has written for Reuters, Bloomberg, Crain's New York Business and The New York Times.
