Massive Email Hack Database Sold By Russian Hacker For Less Than $1, But Should You Be Worried?

russian email hack google gmail hacked yahoo change password dark web hold security holden
A massive hack database including over 272 million Google, Yahoo and Microsoft email passwords was offered by a Russian hacker for less than $1. Find out was impacted and what you should do if you were. Getty Images

A massive database of login credentials for Google, Yahoo, Microsoft account users was leaked by a Russian hacker, putting millions at risk. But was it a real breach?  Find out who was impacted and what you should do if you were.


Gmail, Yahoo and Microsoft email users, it may be time to change your passwords again; a hack database containing login credentials for 272.3 million victims was recently acquired by security research firm, Hold Security. The database includes hacked passwords of users with email accounts at Google, Yahoo, Microsoft and, one of Russia’s most popular email services. Even more alarming, however, is the price at which the database was acquired: a single positive comment on a hacker forum.

That’s right. Some 1.17 billion records with over a quarter of a billion hacked account passwords were handed over to Hold Security founder, Alex Holden in exchange for just one thumbs up on a dark web forum .

Holden has played a central role in uncovering several major data breaches that affected millions at companies like Adobe Systems, JPMorgan and Target. According to Reuters, Holden’s hacked email database acquisition is one of the biggest collections of stolen credentials to be uncovered since the massive round of cyber attacks that hit major U.S. banks and retailers two years ago.

"Street Cred": How And Why Dark Web Hackers Try To Earn It


But if the breach was so large, why was the hacker willing to turn it over for no monetary gain? Basically, to earn street cred in the cyber-criminal world. According to Holden, who frequently lurks around Dark Web hacking forums, he recently discovered the young Russian hacker bragging about a massive database of stolen credentials he’d acquired – 1.17 billion records in all.

The hacker was asking 50 roubles (less than $1 in American currency) to access the files, but Holden was able to gain the database for free if he would just leave a positive comment about the hacker on an underground hacking forum. 

Underground hacking forums or message boards can only be accessed on the dark web via Tor Onion router, as browsers like Google do not index them. Gaining access to such forums – even the novice ones -- often requires knowing someone who can vouch for or invite you.

While the Dark Web can be used as a secure means of communicating by activist, journalists or individuals living under oppressive regimes, it is also a hotbed of illicit activity. Just as young delinquents might roam back alleys of big cities, finding and forming alliances with like-minded individuals, young hackers lurk on novice hacking forums. There, they can learn new techniques or beat their virtual chests, offering up gang initiation-like hacking feats in hopes of getting upvotes and positive comments from members of the community. As their street cred increases, hackers are sometimes invited to join even more exclusive forums where big-time cyber criminal activity is plotted and planned. Moving up the underground hacker ladder was likely why the Russian hacker surrendered such a large database free of charge.

Who Is Impacted By The Russian Email Hack? Should You Be Worried?

According to Hold Security, of the 272.3 million login credentials obtained 42.5 million of them were brand new, and have never been exposed before, making it one of the largest the researcher has ever seen. However, it may not necessarily be a reason to panic.

While the database does include millions of login credentials, it doesn't mean Google, Yahoo, Microsoft and servers themselves have been hacked. Rather, the hacker gathered the data from breaches of smaller or less secure websites where people use their email addresses along with a password to log in. Since many people use the same passwords across various websites, it is those individuals who largely be affected and should change their passwords.

The extent of the damage done by this breach has not yet been quantified, as all affected email providers are currently conducting their own investigations, but thus far they've found no major causes of concern.

Nonetheless, anyone with an email account at, Gmail, Yahoo or Microsoft  that has used a similar password on another web account should change their passwords as soon as possible, and follow best practices for creating secure passwords. As more is learned about the impact of the breach, we’ll be sure to provide an update.


Join the Discussion
Top Stories