Mail.ru Denies Mass Password Breach; Researcher Stands by Findings

Advertisement
By Reuters | Updated: 7 May 2016 11:07 IST
Russia's top Internet company, Mail.ru said on Friday a sliver of its users' email accounts was vulnerable while denying that tens of millions of other users were at risk after researchers found its data circulating among cyber criminals.

The company said in a statement credentials tied to its email accounts appeared to have been stolen from other, unrelated sites such as social networks or e-commerce sites that ask users to sign up using email addresses like Mail.ru and pick passwords, which most often will not be the same as those for the email accounts.

"The database is most likely a compilation of a few old data dumps collected by hacking web services where people used their email address to register," the Moscow-based company said.

Advertisement

However, the security expert who uncovered what he said were hundreds of millions of hacked usernames and passwords into some of the world's biggest websites, said Mail.ru's own analysis suggested that tens of thousands of users were at risk.

Alex Holden, founder of Hold Security, a US firm that specialises in recovering stolen credentials from hackers, told Reuters on Wednesday his researchers had coaxed a young Russian hacker into disclosing the stolen data.

Reuters reported on Wednesday Hold Security's discovery of 272.3 million stolen credentials globally, including 57 million at Mail.ru and smaller fractions of the email user bases of Google, Yahoo and Microsoft . Mail.ru recently reported 64 million monthly active email users.

In a statement, the Moscow-based company said its own study of sample data provided by Holden had found that 99.982 percent of Mail.ru account credentials on the hit list were invalid. Most had incorrect passwords or used fake email addresses.

Advertisement

But the company acknowledged that 0.018 percent of the usernames and passwords might have worked and said: "We have already notified the affected users to change their passwords."

A Yahoo spokesperson said the company had obtained a sample of Hold Security's data and does not believe "there is any significant risk to our users based on the claims shared with the press."

Advertisement

Thefts of personal information or financial losses can result from hackers breaking into other accounts relying on the same credentials.

Mail.ru said it found that 12.42 percent of the sampling had been marked by its computers as suspicious and blocked.

Advertisement

Holden said he had supplied a randomised sample of data that represents less than one-tenth of the exposed Mail.ru records. He said he was ready to provide Mail.ru the full dataset.

Hackers know users cling to favourite passwords. It is why attackers reuse old passwords found on one account to try to break into other accounts of the same user.

Mail.ru said its experts constantly monitor the web for data dumps to see if Mail.ru account credentials are compromised. It said the "sole purpose" of revealing the possible credential theft was to create media hype and to promote Holden's business.

Holden, whose firm earns commissions from providing threat intelligence to big companies, said he had spent the past week informing any company whose credentials appeared to have been stolen and was doing it for free.

"We have no claim to this information because we just retrieved it from the hacker and are sharing it with the community," he said. Hold Security refuses to publish the database of stolen accounts but said it provides specific data to authorised technical staff at the affected firms.

© Thomson Reuters 2016

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Best Camera Phones Under Rs. 30,000 for Content Creators in India
  1. Amazon Prime Day 2026 Laptop Deals: Best Discounts on HP, Asus, Lenovo, Dell, Acer Models
  2. Best Camera Phones Under Rs. 30,000 for Content Creators in India: Motorola Edge 70 Fusion, Galaxy F56, More
  3. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  4. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  5. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  6. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  7. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  8. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  9. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
  10. Government Directs App Stores to Remove Malicious Apps Used to Disrupt E-Rickshaw Operations: Report
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.