Some of the world’s most popular email providers are investigating a report that the passwords and usernames of millions of users are freely available online after being leaked by a hacker.
Among those affected by the leak are said to be accounts from Gmail, Microsoft Hotmail, Yahoo Mail and Mail.ru.
According to a report by online security firm Hold Security, the login details for more than 272.3 million accounts have been leaked in an unprecedented cyber attack, thought to be one of the biggest online security breaches in recent history.
Alex Holden, founder and chief information security officer at Hold Security, said that after removing duplicates, some 97 million users are believed to be affected by the breach.
Holden believes that the login details for around 57 million accounts from Russia’s Mail.ru, 40 million Yahoo accounts, 33 million Hotmail accounts and about 24 million Gmail accounts have been leaked.
Holden told Reuters that the leaked login data is being traded by the criminal underworld in Russia for just 50 roubles – about 25 Baht. However, Holden said his company refused to pay the hacker, who ended up handing over the data for free as long as some of Holden’s staff wrote favourable comments about him on an internet forum for hackers.
The data leak was only discovered when Holden’s team found a young Russian hacker bragging on a forum that he had obtained the data.
Hold Security has previously uncovered other major data leaks at Adobe, Target and JP Morgan.
Holden added that those people who use the same password across multiple accounts are likely to be most affected by the breach.
“Some people use one key for everything in their house,” he said. “Some people have a huge set of keys that they use for each door individually.”
Anyone who uses the same password across multiple sites is urged to change their password immediately.
Yahoo, Google, Microsoft and Mail.ru have said they are investigating the claims.
In a statement made to Reuters, Mail.ru said: “We are now checking whether any combinations of usernames/passwords match users’ e-mails and are still active.
“As soon as we have enough information we will warn the users who might have been affected.”
It still remains unclear exactly how hackers managed to obtain such a vast amount of data from some of the world’s leading tech firms.