Skip to main content

Millions of personal details found for sale online

A security firm has uncovered around 360 million stolen account details that were available to purchase on black market websites.

The find by Hold Security has been described by experts as a "treasure trove" that could be easily exploited by cyber-criminals.

"It is Godzilla-sized, it is a monster", online security consultant Graham Cluley told the BBC (opens in new tab). "There may be some duplicates but, even so, it sounds like a complete treasure trove for cybercriminals."

The batch of details includes email addresses and their corresponding passwords that could potentially be used to compromise even more associated accounts, including health records, corporate networks and bank accounts.

"What normally comes out is not only spam and phishing attacks, but also that the combination of email and password can be used in multiple places because people use the same ones across different sites," Cluley said.

Related: Adobe data breach may have hit 38 million users (opens in new tab)

In the first three weeks of February, Hold Security also identified 1.25 billion records containing only email addresses.

The security firm stated on its website: "These mind boggling numbers are not meant to scare you and they are a product of multiple breaches which we are independently investigating."

It is not yet known if there are duplicate copies of the account details found and no information has been provided as to which companies may have been compromised in the gathering of such information.

"The sheer volume is overwhelming," Alex Holden, Hold Security's chief information security officer told Reuters (opens in new tab) news agency. "We have staff working around the clock to identify the victims."

Related: Last year's 6 most devastating hacks, breaches and security catastrophes (opens in new tab)