A cybersecurity firm said on Tuesday that it uncovered stolen credentials from some 360 million accounts that are available for sale on cyber black markets, though it is unsure where they came from or what they can be used to access. The discovery could represent more of a risk to consumers and companies than stolen credit card data because of the chance the sets of user names and passwords could open the door to online bank accounts, corporate networks, health records and virtually any other type of computer system.
A cybersecurity company said Tuesday it has obtained a list of 360 million account credentials for Web services, likely collected through multiple data breaches. Analysts with Hold Security came across the credentials during their work over the last three weeks while studying underground forums where stolen data is for sale, said Alex Holden, chief information officer with the Wisconsin-based company. “This month has been very fruitful for hackers,” he said in a phone interview. One batch of 105 million details, discovered about 10 days ago by the company, included email addresses and corresponding passwords, but it isn’t clear what Web services the credentials unlock, he said. It is possible the data came in part from data breaches at dating or job-related sites, which would have large numbers of users, although it has not been confirmed, he said.