Newly 360 Million Stolen Credentials Up For Sale On Web-based Black Market

Security firm Hold Security revealed that Around 360 million stolen credentials are reportedly available for sale in the black market, though it is unsure where they came from or what they can be used to access.

The stolen account credentials could also be from several yet-to-be- reported security breaches.

Chief Information Security Officer at the firm, Alex Holden said that over a period of just three weeks his company was able to identify 360 million different account credentials that were available for sale on Web-based black market services.

According to the report, the credentials include user names, which are often e-mail addresses, and passwords that in "most cases" are in unencrypted text. The e-mail addresses in the credentials are from all major services, including Gmail and Yahoo.

The discovery could represent more of a risk to consumers and companies than stolen credit card data because of the chance the sets of user names and passwords could open the door to on-line bank accounts, corporate networks, health records and virtually any other type of computer system.

Recently, US retailer Target Corp. experienced a mega security breach in which data of about 110 million customers was compromised.

Holden said that what is most concerning is that the 360 million credentials were predominantly new to the black market sites, and he believes that the breaches that delivered the credentials into hacker hands were yet to be reported.