Experts have discovered a total of 272.3 million hacked usernames and passwords for sale in the Russian criminal underworld.
The accounts include tens of millions of credentials for the world’s three largest email providers, Microsoft, Gmail and Yahoo.
It is one of the largest stashes of stolen credentials to be discovered since cyber attacks affected US banks two years ago.
Cybersecurity business Hold Security discovered the data breach when it came across a young Russian bragging in an online forum that he had collected and was preparing to give away 1.17 billion records for 50 roubles.
After the hacker removed duplicates, the cache contained 272.3 million stolen accounts.
The hacker agreed to give up the information to Hold Security for free, after they agreed to post favorable comments about him in forums.
Yahoo Mail credentials made up 15% of the IDs discovered, while Gmail made up 9% and Hotmail made up 12%.
“This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him,” Holden told Reuters.
“These credentials can be abused multiple times.”
A Microsoft spokesman said stolen online credentials were an unfortunate reality in the digital age.
“Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access,” the company said.
Security experts have warned users to change their passwords.
