2.7 billion Gmail, Yahoo and Hotmail accounts were compromised-the vulnerability warning-the black bar safety net

2016-05-09T00:00:00
ID MYHACK58:62201674616
Type myhack58
Reporter 佚名
Modified 2016-05-09T00:00:00

Description

Russian users of Gmail, Yahoo and Microsoft email Hotmail, etc. 2. 7 2 3 million accounts were compromised, and in the Russian underground black market trade.

! This time, Russian hackers successfully conducted a massive data leak accident. In this cyber attack, hackers stole 2. 7 2 3 million account, to Russia's most popular e-mail service Mail. ru user-oriented, in addition to the Gmail address, Yahoo, and Microsoft e-mail Hotmail users. Reuters said hundreds of millions of data currently in the“Russian underground Black Market”sale. The data breach events by the Hold Security founder and Chief Information Security Officer Alex Holden confirmed and reported. Alex told Reuters that their company received a Russian hacker information, say has 1 0 million e-mail address. And expressed willingness to sell these data. This thing also reminds us remembered occurred in 2 0 1 3 year of data breaches, hackers from Facebook, Gmail, Twitter and Yahoo steal to 2 0 0 million data Alex said: “This information is effective. They are now the underground Black Market spread and stolen data hackers also expressed willingness of the data is given and he wanted to send any people.” Alex further said that the leaked data list, delete the duplicate account 还 包括 至少 5 7 0 0 万 Mail.ru that 3 3 0 0 million Hotmail, 4 0 0 0 thousand on Yahoo as well as 2 4 0 0 million Gmail address. In addition, the list also includes thousands of Chinese and German electronic mailbox address, server information, etc. Although it is found that the number of records is surprisingly large,and Hold Security for the payment to the hacker's money is even more amazing. A penny didn't give them The initial asking price is 5 0 rubles, less than $ 1 price,but Hold Security and hackers carried out the negotiations. Hold Security on the site wrote: “In fact, 5 0 rubles is trivial, but for this event, we reject the contribution of even so insignificant money. Such negotiations, in our opinion, is really quite ridiculous, but the result turned out to be the final hack only requires We to his social media page likes(anonymous can also be)。 This is something we can accept, once the hackers the satisfaction that we give to a database link, incredible is the content compressed after about 1 0 gigabytes, which requires we spend more than a few hours to download it.” Leaks cause analysis Industry experts suggest a few hackers leaked data of possible reasons, from a supply and demand relationship angle to consider, this content at the time is unconfirmed,thus it is possible for the buyer to say worthless. From the ESET information security researcher Lysa Myers 在 一 封 电子邮件 中 告诉 SCMagazine.com said: “My guess is that these mailbox credentials may be unverified or particularly stale(for example, which are some of the abandoned mailbox account). Hacking may be illegal polymerization of the different manufacturers of dump in the mailbox credentials,so it is likely he did not do so much to steal data, but only from the network to collect them.” And from Bugcrowd Jonathan Cran in an email to SCMagazine. com indicated that these were the leaked e-mail is still be used, but the“stolen mailbox credentials may soon fail, because, like mail. ru and Gmail so that the SaaS vendors are up to speed to void them.” Lysa Myers noted: “This type of mail credentials to send malicious spam to people, there is the use mailbox account to spread malicious software to achieve certain objectives of the crooks still useful. ” Spokesman statements The matter with Microsoft after contact, the spokesman said: “Unfortunately, the leaked and stolen data published on the Internet, streaming, in we know this thing the first time, we immediately take measures to protect our users.” The spokesman also said that Microsoft company has implemented special security measures, and this investigation. Google is also trying to solve this problem, its spokesman, said: “Microsoft has in place security measures can detect the user identity, by additional information to verify an account holders identity, to help them re-access their account the only access rights.” Currently, large-scale data leakage problem becomes more and more prominent. 2 0 1 5 the year also happened on such a large scale data breach cases, the hackers stole at least 1 million of data, including J. P. Morgan and the Wall Street Journal of confidential data and information. Become by far the United States occurred in the largest data breach event.