Breach, Data Security

Files containing 360 million credentials, 1.25 billion email addresses, located on Deep Web

The number of individuals impacted in data breaches is skyrocketing.

In the first three weeks of February, Hold Security – a company that aided in discovering a number of breaches, including Adobe – has located more than 20 data files on the Deep Web that together contain roughly 360 million email addresses with passwords, and about 1.25 billion email addresses alone.

“In sheer numbers, this is a major change in what we've seen being reported,” Alex Holden, CISO at Hold Security, told on Friday, explaining it may stem from a significant increase in the number of online accounts over time. “Even if you have a success rate that is a fraction of a percent, it's still a huge number,” he said.

The biggest file Hold Security unearthed on the Deep Web in February contained 105 million email addresses and passwords, Holden said, but added that, as with all 22 caches of credentials discovered by the company, the data in each file could be the product of multiple breaches.

The Deep Web consists of portions of the internet that are not indexed by traditional search engines and are only reachable using browsers such as Tor.  

Spammers will typically pay a pretty penny for massive lists of email addresses, and many of the email addresses in these files are for Yahoo, Microsoft, Google and AOL accounts, Holden said, adding that victims are located all over the world, including in the United States.

Investigations are ongoing and Holden said he is unsure what techniques the attackers used to obtain the email addresses and passwords. He did say that, in order to collect troves of email addresses, spammers accessed email accounts and downloaded address books.

“Some of this may come from dating sites and job sites,” Holden said, explaining that spammers will target singles and people looking for jobs because they are more susceptible to opening and responding to related emails.

Hold Security unearthed the files while seeking out information for its clients as part of its Deep Web Monitoring services, Holden said, adding the company has had discussions with law enforcement and is communicating with major organizations that have been impacted.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.