Dive Brief:
- Both Google and Russia-based email service Mail.ru said the majority of the 272.3 million account credentials obtained from a Russian hacker last week were bogus.
- Alex Holden, founder and CISO of Hold Security, had told Reuters that his firm found one of the largest caches of stolen credentials ever uncovered and available for purchase in Russia, which set off concerns that several popular email providers had been hacked.
- The stolen cache included almost 57 million accounts from Russian email service provider Mail.ru and "tens of millions" of credentials for Google, Yahoo and Microsoft email users. But the credentials appear not to be authentic: they either belong to non-existent accounts or carry invalid passwords.
Dive Insight:
"More than 98% of the Google account credentials in this research turned out to be bogus," a Google representative wrote in an e-mail to Ars Technica. Meanwhile, Mail.ru said that more than 99.98% of the credentials it received from Hold Security were invalid.
Though the story triggered concerns that some major email providers had been hacked, Hold Security said from the beginning that the list was most likely a "collection of multiple breaches over time." Suspicions were also raised when the hacker responsible for the information offered to give it away in exchange for "favorable comments" in hacker forums.
The credentials were likely taken from unsecured third-party sites over a period of time and later aggregated, according to an Ars Technica report.
"We have no reason to believe that Mail.ru was breached directly, but these credentials could have been stolen from other sites which may hold private data of the users," Holden wrote.
Holden is a cybersecurity expert who previously uncovered other large data breaches, including a cache of 1.2 billion unique credentials in 2014—the world's biggest-ever recovery of stolen accounts.