We haven't been able to take payment
You must update your payment details via My Account or by clicking update payment details to keep your subscription.
Update payment details
Act now to keep your subscription
We've tried to contact you several times as we haven't been able to take payment. You must update your payment details via My Account or by clicking update payment details to keep your subscription.
Update payment details
Your subscription is due to terminate
We've tried to contact you several times as we haven't been able to take payment. You must update your payment details via My Account, otherwise your subscription will terminate.
Update payment details

Accessibility Links

Skip to content
The Times & The Sunday Times
The Times & The Sunday Times
  • Subscribe
Subscribe

Hacker sells millions of email login details

James Dean
, Technology Correspondent
The Times
Usernames and passwords for Gmail, Microsoft Hotmail and Yahoo Mail accounts were discovered in the records
Usernames and passwords for Gmail, Microsoft Hotmail and Yahoo Mail accounts were discovered in the records
KACPER PEMPEL/REUTERS
James Dean
, Technology Correspondent
The Times

The email accounts of up to 2.4 million Britons could be at risk from cybercriminals after a cache of stolen login details was uncovered on the web.

Usernames and passwords for Gmail, Microsoft Hotmail and Yahoo Mail accounts were discovered in the records, according to Hold Security, a research company.

Login details for email services are valuable to cybercriminals because they help them to launch attacks on online banking and shopping websites. The details can also give them access to other online services, such as those for storing photographs and documents.

Alex Holden, founder and chief information security officer of Hold Security, said that his company had contacted email providers to inform them of the discovery.

The details were being offered for sale by a young Russian hacker who had bragged in an online forum about holding nearly 1.17 billion stolen records, Mr Holden said. The hacker had asked for 50 roubles (50p) for the information, saying: “I am just getting rid of it.”

Advertisement

The hacker handed the information to Hold Security after the company promised to post favourable comments about him in online forums, Mr Holden said. After stripping out duplicates, login details for 272 million email accounts, stolen from users around the world, remained. This included records for 40 million Yahoo Mail accounts, 33 million Hotmail accounts and 24 million Gmail accounts.

Mr Holden said that details of 2.4 million British accounts were among those in the cache.

“This information is potent,” he said. “It is floating around in the underground and this [hacker] has shown he’s willing to give the data away to people who are nice to him.” Mr Holden suggested that the login details had been stolen from multiple sources and could be “abused multiple times”.

The records included login details for 57 million Mail.ru accounts, the popular Russian email service. Hundreds of thousands of login details for German and Chinese email services were also discovered, as were thousands of usernames and passwords that appeared to belong to employees of American banks, manufacturers and retailers, Mr Holden said.

A spokesman for Microsoft said: “Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.”

Advertisement

Yahoo did not respond to requests for comment and Google declined to comment.

In 2014 Mr Holden said that he had uncovered a cache of 1.2 billion stolen login details. His claim was backed by several security researchers but disputed by others.