Google Microsoft email account theft: Russian hackers Carnival-email, Google, Microsoft, hack-IT information

On May 5, according to foreign reports, a security expert said, hundreds of millions of stolen e-mail accounts and other Web site user name and password are Russia's black market trading.

Security firms Hold Security founder and chief information security officer, aliekesi·huodun (Alex Holden), has been found to 272.3 million stolen accounts, most accounts come from Russia's most popular e-mail Mail.ru users, a small number of e-mail users from Google, Yahoo and Microsoft.

The e-mail account and password was stolen, has been became hacker attacks two years ago United States banks and retailers, one of the biggest network security intrusion event.

Prior to this, Horton also helped expose some of the world's largest known data intrusion events. These security intrusions into graphic design, publishing and imaging software company Adobe Systems, JP Morgan Chase tens of millions of users and target companies, let them expose among a variety of cyber crimes that followed.

Hold Security company found a young researchers in a Web Forum Russia hacker claims he has collected a large amount of stolen account and password, and are ready to put them out.

Horton said, after you delete the duplicate account, the security intrusion event involved nearly 57 million Mail.ru account. At the end of last year, Mail.ru has just claimed that it has 64 million monthly active users. In other words, Mail.ru, the vast majority of the user's account had been hacked. The data were stolen in a security intrusion event also includes three of the world's largest email provider Google, Microsoft and Yahoo's tens of millions of accounts and passwords, Germany and email provider in China hundreds of thousands of email accounts.

"The stolen data is very large. The news has spread like wildfire on the black market. Above Russia hacker says he is willing to use these data to Nice to people. "Houghton said," these accounts and passwords could have been abused many times. ”

Price less than $ 1

Paradox is that the hacker's asking price is only 50 rubles for all these data – US $ 1. Researchers agree that hacking Forum Hold Security companies helped him after the good word, the hacker was eventually submitted to the company all of the data groups. Horton said his company's policy is to refuse to pay for stolen data.

On such a large scale theft of data may be used to further steal account of the contact associated with the stolen account information, thereby greatly increasing financial risks of theft or loss of reputation.

Hackers know likes to reuse the user preference for the password. Despite repeated advice from security experts regularly change passwords or set more complex passwords, but they never listen. Because of this, hackers tend to use an account password to log on to the user's other accounts.

Was informed that the large email accounts after the news of the invasion, Mail.ru spokeswoman said, "we are verifying the e-mail user's user name and password match their e-mail. Once we verify clear, we will immediately notify the relevant user. "She said, adding that, Mail.ru preliminary examination did not reveal any user name and password match the existing e-mail messages.

A Microsoft spokesman said stolen e-mail account a message has unfortunately become a reality. "Microsoft has deployed some security measures to detect the affected accounts. It also needs more information to confirm the identity of the account owner, and to help them to gain exclusive rights to log on. ”

Yahoo and Google have yet to comment.

Yahoo Mail email account of the invasion for 40 million, 15% of the total 272.3 million stolen accounts, while Microsoft hacked Hotmail account for 33 million, accounted for 12% Google hacked Gmail account number to 24 million, compared to about 9%.

There are thousands of stolen user and password appear to be some large United States banking institutions, production companies and retail company employees.

According to the cloud Security Alliance (Cloud Security Alliance), according to a recent survey reported that network account information stolen 22% of the total data intrusion events.

Horton is Ukraine-American, he specializes in Eastern European cyber crime threat. In 2014, he revealed a 1.2 billion account was invaded. It became the largest account of the invasion has been found around the world.

His company is responsible for tracking dynamic information in forums and chat rooms to monitor potential cybersecurity threats. They use the hacker jargon to communicate with them, and records and to establish individual criminal files.

Horton said the differential scattered the stolen account information, the identity of the hacker may expose researchers in his investigative methods. Because of the hacker is from multiple sources to these data, so the researchers gave him the nickname "the collector".

10 days ago, Hold Security companies have informed the organization affected by the invasion of the data. The company's policy is to find the stolen data freely to the invasion of the company.

"This data is stolen, we will not knowingly. "Mr Hutton said.

谷歌微软电子邮件账户被盗： 俄黑客狂欢 - 电子邮件,谷歌,微软,黑客 - IT资讯

5月5日消息，据外电报道，一名安全专家称，数亿个被盗的电子邮件账户和其他网站的用户名和密码正在俄罗斯的黑市进行交易。

安全公司Hold Security的创始人兼首席信息安全官阿列克斯·霍顿（Alex Holden）称，在已被发现的2.723亿个被盗账户中，大多数账户来自于俄罗斯最受欢迎的电子邮件Mail.ru用户，小部分来自于谷歌、雅虎和微软电子邮件用户。

此次电子邮件账户和密码被盗事件，已成为了自两年前网络黑客袭击美国银行和零售商以来规模最大的网络安全入侵事件之一。

此前，霍顿也帮助揭露了一些全世界已知的最大规模的数据入侵事件。这些安全入侵事件影响到了图形设计、出版和成像软件设计公司Adobe Systems、摩根大通和塔吉特公司的数千万个用户，让他们暴露在了随后发生的各种网络犯罪活动之中。

Hold Security公司的研究人员在一个网络论坛上发现一名年轻的俄罗斯黑客宣称，他已收集了大量的被盗账户和密码，并准备将它们公布出去。

霍顿称，在删除复制的账户后，此次安全入侵事件涉及到将近5700万个Mail.ru账户。而在去年底，Mail.ru刚刚宣称它拥有6400万个月活跃用户。这就是说，Mail.ru的绝大多数用户的账户均遭到了黑客入侵。此次安全入侵事件中被盗的数据还包括全球三大电子邮件供应商谷歌、微软和雅虎的数千万个账户和密码，德国和中国电子邮件供应商的数十万个电子邮件账户。

“这些被盗的数据是非常庞大的。这个消息已在黑市上不胫而走。上述俄罗斯黑客称，他愿意将这些数据交给对他好的人。”霍顿说，“这些账户和密码可能已多次遭到滥用。”

交易价格不到1美元

吊诡的是，这名黑客对所有这些数据的要价仅为50卢布——不到1美元。在Hold Security公司的研究人员同意在黑客论坛上帮助他说好话之后，这名黑客最终向该公司提交了全部数据组。霍顿说，他的公司的政策就是拒绝付费购买被盗的数据。

这样大规模的失窃数据可能被用来进一步窃取与被盗账户相关的联系人的账户信息，从而大大提高了人们的财务失窃或名誉受损的风险。

黑客们知道用户喜欢重复使用他们偏爱的密码。尽管安全专家一再劝告用户经常更改密码或设置更复杂的密码，但是他们从来不听。正因如此，黑客往往能够利用一个账户中的密码来登录这个用户的其他账户。

在获悉此次大规模电子邮件账户被入侵的消息后，Mail.ru的发言人称，“我们正在核查电子邮件用户的用户名和密码是否匹配他们的电子邮件。一旦我们核查清楚之后，我们就会立即通知相关用户。”她还补充说，Mail.ru的初步检查结果并未发现任何用户名和密码与现有的电子邮件匹配。

微软发言人则称，电子邮件账户被窃的消息不幸已成为了现实。“微软已部署了相应的安全措施来检测受到影响的账户。它还需要更多信息来确认账户所有者的身份，并帮助他们重新获得独享的登录权。”

雅虎和谷歌尚未就此发表评论。

雅虎被入侵的Mail电子邮件账户为4000万个，占全部2.723亿个被盗账户的15%；与此同时，微软被入侵的Hotmail账户为3300万个，占比为12%；谷歌被入侵的Gmail账户数量为2400万个，占比约为9%。

还有数千个被盗的用户和密码似乎属于某些大型美国银行机构、生产公司和零售公司的员工。

据云安全联盟（Cloud Security Alliance）最近公布的一项调查报告称，网络账户信息被盗事件占全部数据入侵事件的22%。

霍顿是乌克兰裔美国人，他专门研究东欧网络犯罪威胁。在2014年，他披露称有12亿个账户被入侵。这成为了全世界已被发现的最大规模的账户入侵事件。

他的公司负责跟踪论坛和聊天室里的动态信息，监测潜在的网络安全威胁。他们利用这些黑客的行话与他们交流，并记录和建立各个犯罪分子的档案。

霍顿称，鉴别散布这些被盗账户信息的黑客的身份，可能会曝光他的研究人员的调查性方法。由于这名黑客是从多个渠道收集到这些数据的，因此研究人员给他起了一个绰号“收集者”。

10天前，Hold Security公司已通知了受此次数据入侵事件影响的组织。该公司的政策是将找回的被盗数据无偿地还给被入侵的公司。

“这是被盗的数据，我们是不会销赃的。”霍顿说。